GitGuardian CLI tool that acts as an outpost to extract, hash, and transfer secrets metadata to GitGuardian Platform

Project description

ggscout

GitGuardian CLI tool for NHI (Non-Human Identity) discovery and remediation

ggscout is a Rust-powered command-line tool by GitGuardian that discovers and inventories Non-Human Identities (NHIs) across your production infrastructure. NHIs include services, applications, containers, and automation scripts that authenticate and access resources without human intervention. ggscout maps these identities, their permissions, and associated secrets to help organizations understand their NHI landscape and bootstrap incident remediation.

Installation

# Using uv (recommended)
uv tool install ggscout

# Using pip
pip install ggscout

Note: This is a Rust binary packaged for distribution via PyPI.

Basic Usage

# Display help
ggscout --help

# Fetch secrets from configuration
ggscout fetch config.toml

# Run with debug logging
ggscout --verbose DEBUG fetch config.toml

Supported Platforms

ggscout inventories Non-Human Identities from:

  • HashiCorp Vault - KV stores, dynamic secrets, auth methods
  • AWS Secrets Manager - Secrets and associated IAM roles
  • Azure Key Vault - Keys, secrets, and managed identities
  • Google Cloud Secret Manager - Secrets and service accounts
  • Kubernetes/OpenShift - Secrets, ConfigMaps, Deployments, ServiceAccounts, Environment Variables
  • Akeyless Vault - Static and dynamic secrets
  • CyberArk SaaS / CyberArk Self-Hosted - Application identities and secrets
  • Delinea Secret Server - Machine accounts and credentials
  • GitLab CI - Project variables and pipeline identities

Key Features

  • Comprehensive NHI Discovery - Inventories services, roles, and secrets across platforms
  • Production-ready - Built for production environments with secure data handling
  • Multi-platform Support - Works with major secret management and orchestration platforms
  • Secure Transfer - Optional hashing before transmission to GitGuardian platform
  • High Performance - Rust implementation optimized for large-scale inventories
  • Flexible Configuration - TOML-based config with environment variable interpolation

Configuration Example

[sources.vault]
type = "hashicorpvault"
vault_address = "${VAULT_ADDR}"

[sources.vault.auth]
auth_mode = "token"
token = "${VAULT_TOKEN}"

[sources.k8s]
type = "k8s"
kubeconfig_path = "~/.kube/config"

Documentation

Official ggscout Documentation

About GitGuardian

GitGuardian is the code security platform for automated secrets detection and remediation across all environments from source code to production.

ggscout integrates with GitGuardian's platform to provide comprehensive visibility and control over Non-Human Identities in your production infrastructure, enabling better security posture management and incident remediation.

License

This project is licensed under a Proprietary License.

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release. See tutorial on generating distribution archives.

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

ggscout-0.24.0-py3-none-musllinux_1_2_x86_64.whl (11.6 MB)

Uploaded: Python 3, musllinux: musl 1.2+ x86-64

ggscout-0.24.0-py3-none-musllinux_1_2_aarch64.whl (10.6 MB)

Uploaded: Python 3, musllinux: musl 1.2+ ARM64

ggscout-0.24.0-py3-none-manylinux_2_28_aarch64.whl (10.7 MB)

Uploaded: Python 3, manylinux: glibc 2.28+ ARM64

ggscout-0.24.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (11.5 MB)

Uploaded: Python 3, manylinux: glibc 2.17+ x86-64

ggscout-0.24.0-py3-none-macosx_11_0_arm64.whl (10.1 MB)

Uploaded: Python 3, macOS 11.0+ ARM64

ggscout-0.24.0-py3-none-macosx_10_12_x86_64.whl (11.1 MB)

Uploaded: Python 3, macOS 10.12+ x86-64

File details

Details for the file ggscout-0.24.0-py3-none-musllinux_1_2_x86_64.whl.

File hashes

Hashes for ggscout-0.24.0-py3-none-musllinux_1_2_x86_64.whl
Algorithm Hash digest
SHA256 b807455cf5ae607bebc817673f728f714ed7759b9332eda0ba945a24cfa9ea07
MD5 49931be629dbc22f1074753294004553
BLAKE2b-256 6930cf3deb3148a899f4f845c78c86069f8b2592a4934eaae40a0049bfee7b32

Provenance

The following attestation bundles were made for ggscout-0.24.0-py3-none-musllinux_1_2_x86_64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.24.0-py3-none-musllinux_1_2_aarch64.whl.

File hashes

Hashes for ggscout-0.24.0-py3-none-musllinux_1_2_aarch64.whl
Algorithm Hash digest
SHA256 c773e2d4fb4283827bbc49889032a9182a5ef9d8671838d343e33d58d5e32f41
MD5 a230ec808152bddf40cb3c0fa712e260
BLAKE2b-256 bedb55b09c9ee3f93e93d89cda6e39a39a7e6f1d87648cd3d486274fe59100c5

Provenance

The following attestation bundles were made for ggscout-0.24.0-py3-none-musllinux_1_2_aarch64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

File details

Details for the file ggscout-0.24.0-py3-none-manylinux_2_28_aarch64.whl.

File hashes

Hashes for ggscout-0.24.0-py3-none-manylinux_2_28_aarch64.whl
Algorithm Hash digest
SHA256 2532b571da6538afa49cf2fc9f47f7b149daab3991a5511aaaf1c475850c8743
MD5 18412e503db0599239cb826a190ffdcf
BLAKE2b-256 269f8de18185c15eed8252a9460c3f90808dec069ce346f190d46fa51957bb79

Provenance

The following attestation bundles were made for ggscout-0.24.0-py3-none-manylinux_2_28_aarch64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

File details

Details for the file ggscout-0.24.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.

File hashes

Hashes for ggscout-0.24.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Algorithm Hash digest
SHA256 8d30ca2a129a6e8a772983da084b44923648eb47bb18e051d6ce44dedd5540ce
MD5 e61d85bd99ca96158878ae0d525e39d8
BLAKE2b-256 a2633adf2a7b8541430273a03a6a11eb4789e80a96b27331637cb1101667ee81

Provenance

The following attestation bundles were made for ggscout-0.24.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

File details

Details for the file ggscout-0.24.0-py3-none-macosx_11_0_arm64.whl.

File hashes

Hashes for ggscout-0.24.0-py3-none-macosx_11_0_arm64.whl
Algorithm Hash digest
SHA256 a303763c7cc2da9d60598084a52caac95ed499b7297166f5acdc6d7696da00de
MD5 a7274c6c4850d67371b3073888625e9c
BLAKE2b-256 372a53b709c39bb96f8b79721fb250cd317f7009fc7136f59929d6ac74080eb5

Provenance

The following attestation bundles were made for ggscout-0.24.0-py3-none-macosx_11_0_arm64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

File details

Details for the file ggscout-0.24.0-py3-none-macosx_10_12_x86_64.whl.

File hashes

Hashes for ggscout-0.24.0-py3-none-macosx_10_12_x86_64.whl
Algorithm Hash digest
SHA256 6df85ae6351c81f8e611d3b399db31cf2376167b1f84dbdc69fb828cf2569236
MD5 b0511922239edd6f2f91c9d2eff62c68
BLAKE2b-256 f20024b58d3cbbb89c37331087b92dd72bb1696e74acd3fbfdf1a13c3244d0a5

Provenance

The following attestation bundles were made for ggscout-0.24.0-py3-none-macosx_10_12_x86_64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout
