GitGuardian CLI tool that acts as an outpost to extract, hash, and transfer secrets metadata to GitGuardian Platform

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for GitGuardian from gravatar.com GitGuardian

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Proprietary
  • Author: GitGuardian
  • Tags cli , devops , gitguardian , secrets , security
  • Requires: Python >=3.8
Classifiers
Report project as malware

Project description

ggscout

GitGuardian CLI tool for NHI (Non-Human Identity) discovery and remediation

ggscout is a Rust-powered command-line tool by GitGuardian that discovers and inventories Non-Human Identities (NHIs) across your production infrastructure. NHIs include services, applications, containers, and automation scripts that authenticate and access resources without human intervention. ggscout maps these identities, their permissions, and associated secrets to help organizations understand their NHI landscape and bootstrap incident remediation.

Installation

# Using uv (recommended)
uv tool install ggscout

# Using pip
pip install ggscout

Note: This is a Rust binary packaged for distribution via PyPI

Basic Usage

# Display help
ggscout --help

# Fetch secrets from configuration
ggscout fetch config.toml

# Run with debug logging
ggscout --verbose DEBUG fetch config.toml

Supported Platforms

ggscout inventories Non-Human Identities from:

  • HashiCorp Vault - KV stores, dynamic secrets, auth methods
  • AWS Secrets Manager - Secrets and associated IAM roles
  • Azure Key Vault - Keys, secrets, and managed identities
  • Google Cloud Secret Manager - Secrets and service accounts
  • Kubernetes/OpenShift - Secrets, ConfigMaps, Deployments, ServiceAccounts, Environment Variables
  • Akeyless Vault - Static and dynamic secrets
  • CyberArk SaaS / CyberArk Self-Hosted - Application identities and secrets
  • Delinea Secret Server - Machine accounts and credentials
  • GitLab CI - Project variables and pipeline identities

Key Features

  • Comprehensive NHI Discovery - Inventories services, roles, and secrets across platforms
  • Production-ready - Built for production environments with secure data handling
  • Multi-platform Support - Works with major secret management and orchestration platforms
  • Secure Transfer - Optional hashing before transmission to GitGuardian platform
  • High Performance - Rust implementation optimized for large-scale inventories
  • Flexible Configuration - TOML-based config with environment variable interpolation

Configuration Example

[sources.vault]
type = "hashicorpvault"
vault_address = "${VAULT_ADDR}"

[sources.vault.auth]
auth_mode = "token"
token = "${VAULT_TOKEN}"

[sources.k8s]
type = "k8s"
kubeconfig_path = "~/.kube/config"

Documentation

Official ggscout Documentation

About GitGuardian

GitGuardian is the code security platform for automated secrets detection and remediation across all environments from source code to production.

ggscout integrates with GitGuardian's platform to provide comprehensive visibility and control over Non-Human Identities in your production infrastructure, enabling better security posture management and incident remediation.

License

This project is licensed under a Proprietary License.

Support

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for GitGuardian from gravatar.com GitGuardian

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Proprietary
  • Author: GitGuardian
  • Tags cli , devops , gitguardian , secrets , security
  • Requires: Python >=3.8
Classifiers

Release history Release notifications | RSS feed

0.27.0

0.26.0

0.25.1

0.25.0

0.24.0

0.23.1

This version

0.23.0

0.22.0

0.21.1

0.21.0

0.20.0

0.19.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

ggscout-0.23.0-py3-none-musllinux_1_2_x86_64.whl (11.6 MB view details)

Uploaded Python 3musllinux: musl 1.2+ x86-64

ggscout-0.23.0-py3-none-musllinux_1_2_aarch64.whl (10.6 MB view details)

Uploaded Python 3musllinux: musl 1.2+ ARM64

ggscout-0.23.0-py3-none-manylinux_2_28_aarch64.whl (10.7 MB view details)

Uploaded Python 3manylinux: glibc 2.28+ ARM64

ggscout-0.23.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (11.5 MB view details)

Uploaded Python 3manylinux: glibc 2.17+ x86-64

ggscout-0.23.0-py3-none-macosx_11_0_arm64.whl (10.1 MB view details)

Uploaded Python 3macOS 11.0+ ARM64

ggscout-0.23.0-py3-none-macosx_10_12_x86_64.whl (11.0 MB view details)

Uploaded Python 3macOS 10.12+ x86-64

File details

Details for the file ggscout-0.23.0-py3-none-musllinux_1_2_x86_64.whl.

File metadata

File hashes

Hashes for ggscout-0.23.0-py3-none-musllinux_1_2_x86_64.whl
Algorithm Hash digest
SHA256 bdaf8b1f9c15c10d606673fd89c74f556196607e8c3ca7639f3b2a4c6819692c
MD5 43fb0ccdc05f11aa42e6222eb091c69d
BLAKE2b-256 8a26e616df5581615c6a944014970f1232fc675987a3bb8d6dfeb256974c015d

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.23.0-py3-none-musllinux_1_2_x86_64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.23.0-py3-none-musllinux_1_2_aarch64.whl.

File metadata

File hashes

Hashes for ggscout-0.23.0-py3-none-musllinux_1_2_aarch64.whl
Algorithm Hash digest
SHA256 7d70e278ba4b9836935289a0e8ea6373f0ccd10c4030a878c33d7f0ee53e0181
MD5 0157c4fca1df95d59656a91c91e60314
BLAKE2b-256 c2865fc49a1ba9823de6889eed1166fb0a2c26610f58306cbfe364656d84077f

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.23.0-py3-none-musllinux_1_2_aarch64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.23.0-py3-none-manylinux_2_28_aarch64.whl.

File metadata

File hashes

Hashes for ggscout-0.23.0-py3-none-manylinux_2_28_aarch64.whl
Algorithm Hash digest
SHA256 daf55904ea255d41a05667d26aeabb8746615c3d7915f3b8b9fc9e630e9f3e6a
MD5 d7c60fbf444122350591e20470162aeb
BLAKE2b-256 5de51bf9f74c1ebc4da4e2dfeef9f70108dcd254f7cc44ff637251f3e902792f

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.23.0-py3-none-manylinux_2_28_aarch64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.23.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.

File metadata

File hashes

Hashes for ggscout-0.23.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Algorithm Hash digest
SHA256 1723c35e2269101ee4298c6beeb4710d0239bd9f2cfa92f8deeb556ddc2383d2
MD5 a0b0feb94c1d377e869b31d21cd2f479
BLAKE2b-256 1ec3b69c110ff533ac9fe5b97fc6ef71e908dad0a7fda2abcdb772f4e9a019a5

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.23.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.23.0-py3-none-macosx_11_0_arm64.whl.

File metadata

File hashes

Hashes for ggscout-0.23.0-py3-none-macosx_11_0_arm64.whl
Algorithm Hash digest
SHA256 0ff2fa6ac60aa955cec16bfe75794c53f68120e4d8e5d6b0c25b3d2b8b410a74
MD5 792a1f076413ca359fd0a45973522b00
BLAKE2b-256 8c0f08f7107aba0eea0484dc9339a424d8660975a97087e7f16a72b97a15e487

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.23.0-py3-none-macosx_11_0_arm64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.23.0-py3-none-macosx_10_12_x86_64.whl.

File metadata

File hashes

Hashes for ggscout-0.23.0-py3-none-macosx_10_12_x86_64.whl
Algorithm Hash digest
SHA256 25585f5a13fc609a71a9f6dff4f16982c39a3f85703a89554ea5893658044346
MD5 05f11b8d826fa92508562ef655fcccde
BLAKE2b-256 c161856652f342e1fa093e3ea26d43efa624fb54180fcffc0688f187ba88315e

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.23.0-py3-none-macosx_10_12_x86_64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page