GitGuardian CLI tool that acts as an outpost to extract, hash, and transfer secrets metadata to GitGuardian Platform

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for GitGuardian from gravatar.com GitGuardian

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Proprietary
  • Author: GitGuardian
  • Tags cli , devops , gitguardian , secrets , security
  • Requires: Python >=3.8
Classifiers
Report project as malware

Project description

ggscout

GitGuardian CLI tool for NHI (Non-Human Identity) discovery and remediation

ggscout is a Rust-powered command-line tool by GitGuardian that discovers and inventories Non-Human Identities (NHIs) across your production infrastructure. NHIs include services, applications, containers, and automation scripts that authenticate and access resources without human intervention. ggscout maps these identities, their permissions, and associated secrets to help organizations understand their NHI landscape and bootstrap incident remediation.

Installation

# Using uv (recommended)
uv tool install ggscout

# Using pip
pip install ggscout

Note: This is a Rust binary packaged for distribution via PyPI

Basic Usage

# Display help
ggscout --help

# Fetch secrets from configuration
ggscout fetch config.toml

# Run with debug logging
ggscout --verbose DEBUG fetch config.toml

Supported Platforms

ggscout inventories Non-Human Identities from:

  • HashiCorp Vault - KV stores, dynamic secrets, auth methods
  • AWS Secrets Manager - Secrets and associated IAM roles
  • Azure Key Vault - Keys, secrets, and managed identities
  • Google Cloud Secret Manager - Secrets and service accounts
  • Kubernetes/OpenShift - Secrets, ConfigMaps, Deployments, ServiceAccounts, Environment Variables
  • Akeyless Vault - Static and dynamic secrets
  • CyberArk SaaS / CyberArk Self-Hosted - Application identities and secrets
  • Delinea Secret Server - Machine accounts and credentials
  • GitLab CI - Project variables and pipeline identities

Key Features

  • Comprehensive NHI Discovery - Inventories services, roles, and secrets across platforms
  • Production-ready - Built for production environments with secure data handling
  • Multi-platform Support - Works with major secret management and orchestration platforms
  • Secure Transfer - Optional hashing before transmission to GitGuardian platform
  • High Performance - Rust implementation optimized for large-scale inventories
  • Flexible Configuration - TOML-based config with environment variable interpolation

Configuration Example

[sources.vault]
type = "hashicorpvault"
vault_address = "${VAULT_ADDR}"

[sources.vault.auth]
auth_mode = "token"
token = "${VAULT_TOKEN}"

[sources.k8s]
type = "k8s"
kubeconfig_path = "~/.kube/config"

Documentation

Official ggscout Documentation

About GitGuardian

GitGuardian is the code security platform for automated secrets detection and remediation across all environments from source code to production.

ggscout integrates with GitGuardian's platform to provide comprehensive visibility and control over Non-Human Identities in your production infrastructure, enabling better security posture management and incident remediation.

License

This project is licensed under a Proprietary License.

Support

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for GitGuardian from gravatar.com GitGuardian

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Proprietary
  • Author: GitGuardian
  • Tags cli , devops , gitguardian , secrets , security
  • Requires: Python >=3.8
Classifiers

Release history Release notifications | RSS feed

0.27.0

0.26.0

0.25.1

This version

0.25.0

0.24.0

0.23.1

0.23.0

0.22.0

0.21.1

0.21.0

0.20.0

0.19.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

ggscout-0.25.0-py3-none-musllinux_1_2_x86_64.whl (12.0 MB view details)

Uploaded Python 3musllinux: musl 1.2+ x86-64

ggscout-0.25.0-py3-none-musllinux_1_2_aarch64.whl (10.8 MB view details)

Uploaded Python 3musllinux: musl 1.2+ ARM64

ggscout-0.25.0-py3-none-manylinux_2_28_aarch64.whl (11.0 MB view details)

Uploaded Python 3manylinux: glibc 2.28+ ARM64

ggscout-0.25.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (11.8 MB view details)

Uploaded Python 3manylinux: glibc 2.17+ x86-64

ggscout-0.25.0-py3-none-macosx_11_0_arm64.whl (10.4 MB view details)

Uploaded Python 3macOS 11.0+ ARM64

ggscout-0.25.0-py3-none-macosx_10_12_x86_64.whl (11.3 MB view details)

Uploaded Python 3macOS 10.12+ x86-64

File details

Details for the file ggscout-0.25.0-py3-none-musllinux_1_2_x86_64.whl.

File metadata

File hashes

Hashes for ggscout-0.25.0-py3-none-musllinux_1_2_x86_64.whl
Algorithm Hash digest
SHA256 4abf8f6c4240afec4b65a48226ba0f51c142156dc051f5a6944d04cf119cacb6
MD5 c4ba0316f36a4c88312a35980fa498ae
BLAKE2b-256 dec21472e3dc5b29ddd1d4daccb7dd03adc1fefb7978d21a1fdcee9f7ab6be70

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.25.0-py3-none-musllinux_1_2_x86_64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.25.0-py3-none-musllinux_1_2_aarch64.whl.

File metadata

File hashes

Hashes for ggscout-0.25.0-py3-none-musllinux_1_2_aarch64.whl
Algorithm Hash digest
SHA256 523355b432bf8f807755110f59fec230c0086516b1f2d760c4b4292edd6344d7
MD5 743796dece6986f7ef78b576a9d15faa
BLAKE2b-256 de273535e2405f60acd81898eed0c9e1f201ab98b905bcc9ae48c53561506f56

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.25.0-py3-none-musllinux_1_2_aarch64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.25.0-py3-none-manylinux_2_28_aarch64.whl.

File metadata

File hashes

Hashes for ggscout-0.25.0-py3-none-manylinux_2_28_aarch64.whl
Algorithm Hash digest
SHA256 16ad103f1dcd7989874b170d3cde8c5a9073b6ae5a353be9109fcf0ca847a033
MD5 da3e138cad58dd3d9d36fb7790ef8ff1
BLAKE2b-256 4bd3fc6e6fa3a053759ddd960e45ed3ea685c00fd159b5bf8fa0dbff9c4ed8a5

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.25.0-py3-none-manylinux_2_28_aarch64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.25.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.

File metadata

File hashes

Hashes for ggscout-0.25.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Algorithm Hash digest
SHA256 ec39af496e625447345065c3e360cd1caa2026bc54a720bcda57eda81442cce6
MD5 8263de55539e612ae8a326fb6f36cad8
BLAKE2b-256 3658328591abc7a317f8e9c97c6b3897dd362e545926a72113751637e8289eda

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.25.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.25.0-py3-none-macosx_11_0_arm64.whl.

File metadata

File hashes

Hashes for ggscout-0.25.0-py3-none-macosx_11_0_arm64.whl
Algorithm Hash digest
SHA256 02ecbb2621fdd9beefb6c77f1e840a55f53a73199d7dd7eea9b2a331a6817b4e
MD5 8a55650b75d2f25ab32783729c597fb8
BLAKE2b-256 075c32bc8e65e4ad02f3b076a9c759466d678a0566c83eeb2244747d05029438

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.25.0-py3-none-macosx_11_0_arm64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.25.0-py3-none-macosx_10_12_x86_64.whl.

File metadata

File hashes

Hashes for ggscout-0.25.0-py3-none-macosx_10_12_x86_64.whl
Algorithm Hash digest
SHA256 a2527710da4c89937d26a7c48932ec5292c529dea2be27dd7e9b0d64edf3dea8
MD5 a02dcf97715bd85d640626ff3341778f
BLAKE2b-256 6dc39dd40418e40008f548743b209a01b6dc8104e845ba7c4c51e4db57409a03

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.25.0-py3-none-macosx_10_12_x86_64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page