GitGuardian CLI tool that acts as an outpost to extract, hash, and transfer secrets metadata to GitGuardian Platform

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for GitGuardian from gravatar.com GitGuardian

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Proprietary
  • Author: GitGuardian
  • Tags cli , devops , gitguardian , secrets , security
  • Requires: Python >=3.8
Classifiers
Report project as malware

Project description

ggscout

GitGuardian CLI tool for NHI (Non-Human Identity) discovery and remediation

ggscout is a Rust-powered command-line tool by GitGuardian that discovers and inventories Non-Human Identities (NHIs) across your production infrastructure. NHIs include services, applications, containers, and automation scripts that authenticate and access resources without human intervention. ggscout maps these identities, their permissions, and associated secrets to help organizations understand their NHI landscape and bootstrap incident remediation.

Installation

# Using uv (recommended)
uv tool install ggscout

# Using pip
pip install ggscout

Note: This is a Rust binary packaged for distribution via PyPI

Basic Usage

# Display help
ggscout --help

# Fetch secrets from configuration
ggscout fetch config.toml

# Run with debug logging
ggscout --verbose DEBUG fetch config.toml

Supported Platforms

ggscout inventories Non-Human Identities from:

  • HashiCorp Vault - KV stores, dynamic secrets, auth methods
  • AWS Secrets Manager - Secrets and associated IAM roles
  • Azure Key Vault - Keys, secrets, and managed identities
  • Google Cloud Secret Manager - Secrets and service accounts
  • Kubernetes/OpenShift - Secrets, ConfigMaps, Deployments, ServiceAccounts, Environment Variables
  • Akeyless Vault - Static and dynamic secrets
  • CyberArk SaaS / CyberArk Self-Hosted - Application identities and secrets
  • Delinea Secret Server - Machine accounts and credentials
  • GitLab CI - Project variables and pipeline identities

Key Features

  • Comprehensive NHI Discovery - Inventories services, roles, and secrets across platforms
  • Production-ready - Built for production environments with secure data handling
  • Multi-platform Support - Works with major secret management and orchestration platforms
  • Secure Transfer - Optional hashing before transmission to GitGuardian platform
  • High Performance - Rust implementation optimized for large-scale inventories
  • Flexible Configuration - TOML-based config with environment variable interpolation

Configuration Example

[sources.vault]
type = "hashicorpvault"
vault_address = "${VAULT_ADDR}"

[sources.vault.auth]
auth_mode = "token"
token = "${VAULT_TOKEN}"

[sources.k8s]
type = "k8s"
kubeconfig_path = "~/.kube/config"

Documentation

Official ggscout Documentation

About GitGuardian

GitGuardian is the code security platform for automated secrets detection and remediation across all environments from source code to production.

ggscout integrates with GitGuardian's platform to provide comprehensive visibility and control over Non-Human Identities in your production infrastructure, enabling better security posture management and incident remediation.

License

This project is licensed under a Proprietary License.

Support

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for GitGuardian from gravatar.com GitGuardian

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Proprietary
  • Author: GitGuardian
  • Tags cli , devops , gitguardian , secrets , security
  • Requires: Python >=3.8
Classifiers

Release history Release notifications | RSS feed

0.27.0

This version

0.26.0

0.25.1

0.25.0

0.24.0

0.23.1

0.23.0

0.22.0

0.21.1

0.21.0

0.20.0

0.19.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

ggscout-0.26.0-py3-none-musllinux_1_2_x86_64.whl (12.0 MB view details)

Uploaded Python 3musllinux: musl 1.2+ x86-64

ggscout-0.26.0-py3-none-musllinux_1_2_aarch64.whl (10.9 MB view details)

Uploaded Python 3musllinux: musl 1.2+ ARM64

ggscout-0.26.0-py3-none-manylinux_2_28_aarch64.whl (11.0 MB view details)

Uploaded Python 3manylinux: glibc 2.28+ ARM64

ggscout-0.26.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (11.9 MB view details)

Uploaded Python 3manylinux: glibc 2.17+ x86-64

ggscout-0.26.0-py3-none-macosx_11_0_arm64.whl (10.4 MB view details)

Uploaded Python 3macOS 11.0+ ARM64

ggscout-0.26.0-py3-none-macosx_10_12_x86_64.whl (11.4 MB view details)

Uploaded Python 3macOS 10.12+ x86-64

File details

Details for the file ggscout-0.26.0-py3-none-musllinux_1_2_x86_64.whl.

File metadata

File hashes

Hashes for ggscout-0.26.0-py3-none-musllinux_1_2_x86_64.whl
Algorithm Hash digest
SHA256 3817ada8942f11a6534d0bb92c70caad1534ceee98b1fb2c7dad05295643733f
MD5 fe122308097fb294819c9d7a1afbc141
BLAKE2b-256 66e5ea7e4fad49c7c05420eb058275819290c03265e9fc6f24210e5a8edbd45c

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.26.0-py3-none-musllinux_1_2_x86_64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.26.0-py3-none-musllinux_1_2_aarch64.whl.

File metadata

File hashes

Hashes for ggscout-0.26.0-py3-none-musllinux_1_2_aarch64.whl
Algorithm Hash digest
SHA256 77d3eb42409e7cb286a4054f27e80b872925e1590fb8634eadce14428d0da8f3
MD5 6dde5bd42cb546f13dc9feddf5d007e6
BLAKE2b-256 1190f923448a1f5b993204d5b09c21948e1d720e456c84acbc7c1b76e21eb2b7

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.26.0-py3-none-musllinux_1_2_aarch64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.26.0-py3-none-manylinux_2_28_aarch64.whl.

File metadata

File hashes

Hashes for ggscout-0.26.0-py3-none-manylinux_2_28_aarch64.whl
Algorithm Hash digest
SHA256 7cdaf60378d130b8b3b191651218dfbd600296aba6fa07ddde5478c94cf8ca71
MD5 16fff9833f956d5e5652963d38619157
BLAKE2b-256 693807606abb302fa323060b731c394112fdeb400c2af37bfb1c545738e73679

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.26.0-py3-none-manylinux_2_28_aarch64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.26.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.

File metadata

File hashes

Hashes for ggscout-0.26.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Algorithm Hash digest
SHA256 b0029d57ceed6762dfa8afca5c54cad0ef78d5f39dac63a362868743243e6e71
MD5 2ccfbfb539e28134d2e2ff18fd4db729
BLAKE2b-256 4cc38a4196e61fd0252329954883a79854a105d8ffcf14740f8643ddefb56604

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.26.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.26.0-py3-none-macosx_11_0_arm64.whl.

File metadata

File hashes

Hashes for ggscout-0.26.0-py3-none-macosx_11_0_arm64.whl
Algorithm Hash digest
SHA256 400bbb63f0d480cd59e6e48e7cfa8817d83155691827ddbbcc59e591d65542ac
MD5 9fd1c345bc4402175d28311ea36a1007
BLAKE2b-256 8162ee964da2b7d023cf76f950edfb6a9d24281fd5c3eaa1daed71bca4b181e2

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.26.0-py3-none-macosx_11_0_arm64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.26.0-py3-none-macosx_10_12_x86_64.whl.

File metadata

File hashes

Hashes for ggscout-0.26.0-py3-none-macosx_10_12_x86_64.whl
Algorithm Hash digest
SHA256 0293989f27bdf512c211a2bb03f99e2abf9b58f36fa5a62475c55ed8c2f4db08
MD5 ff5dc98590af46fef739445c510fc646
BLAKE2b-256 2dba56b144014920d3275c4a880b9b5e7a9638c293035d179f45aa3f455fcfc5

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.26.0-py3-none-macosx_10_12_x86_64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page