GitGuardian CLI tool that acts as an outpost to extract, hash, and transfer secrets metadata to GitGuardian Platform

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for GitGuardian from gravatar.com GitGuardian

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Proprietary
  • Author: GitGuardian
  • Tags cli , devops , gitguardian , secrets , security
  • Requires: Python >=3.8
Classifiers
Report project as malware

Project description

ggscout

GitGuardian CLI tool for NHI (Non-Human Identity) discovery and remediation

ggscout is a Rust-powered command-line tool by GitGuardian that discovers and inventories Non-Human Identities (NHIs) across your production infrastructure. NHIs include services, applications, containers, and automation scripts that authenticate and access resources without human intervention. ggscout maps these identities, their permissions, and associated secrets to help organizations understand their NHI landscape and bootstrap incident remediation.

Installation

# Using uv (recommended)
uv tool install ggscout

# Using pip
pip install ggscout

Note: This is a Rust binary packaged for distribution via PyPI

Basic Usage

# Display help
ggscout --help

# Fetch secrets from configuration
ggscout fetch config.toml

# Run with debug logging
ggscout --verbose DEBUG fetch config.toml

Supported Platforms

ggscout inventories Non-Human Identities from:

  • HashiCorp Vault - KV stores, dynamic secrets, auth methods
  • AWS Secrets Manager - Secrets and associated IAM roles
  • Azure Key Vault - Keys, secrets, and managed identities
  • Google Cloud Secret Manager - Secrets and service accounts
  • Kubernetes/OpenShift - Secrets, ConfigMaps, Deployments, ServiceAccounts, Environment Variables
  • Akeyless Vault - Static and dynamic secrets
  • CyberArk SaaS / CyberArk Self-Hosted - Application identities and secrets
  • Delinea Secret Server - Machine accounts and credentials
  • GitLab CI - Project variables and pipeline identities

Key Features

  • Comprehensive NHI Discovery - Inventories services, roles, and secrets across platforms
  • Production-ready - Built for production environments with secure data handling
  • Multi-platform Support - Works with major secret management and orchestration platforms
  • Secure Transfer - Optional hashing before transmission to GitGuardian platform
  • High Performance - Rust implementation optimized for large-scale inventories
  • Flexible Configuration - TOML-based config with environment variable interpolation

Configuration Example

[sources.vault]
type = "hashicorpvault"
vault_address = "${VAULT_ADDR}"

[sources.vault.auth]
auth_mode = "token"
token = "${VAULT_TOKEN}"

[sources.k8s]
type = "k8s"
kubeconfig_path = "~/.kube/config"

Documentation

Official ggscout Documentation

About GitGuardian

GitGuardian is the code security platform for automated secrets detection and remediation across all environments from source code to production.

ggscout integrates with GitGuardian's platform to provide comprehensive visibility and control over Non-Human Identities in your production infrastructure, enabling better security posture management and incident remediation.

License

This project is licensed under a Proprietary License.

Support

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for GitGuardian from gravatar.com GitGuardian

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Proprietary
  • Author: GitGuardian
  • Tags cli , devops , gitguardian , secrets , security
  • Requires: Python >=3.8
Classifiers

Release history Release notifications | RSS feed

0.29.0

0.28.1

This version

0.28.0

0.27.0

0.26.0

0.25.1

0.25.0

0.24.0

0.23.1

0.23.0

0.22.0

0.21.1

0.21.0

0.20.0

0.19.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

ggscout-0.28.0-py3-none-musllinux_1_2_x86_64.whl (11.4 MB view details)

Uploaded Python 3musllinux: musl 1.2+ x86-64

ggscout-0.28.0-py3-none-musllinux_1_2_aarch64.whl (10.3 MB view details)

Uploaded Python 3musllinux: musl 1.2+ ARM64

ggscout-0.28.0-py3-none-manylinux_2_28_aarch64.whl (10.5 MB view details)

Uploaded Python 3manylinux: glibc 2.28+ ARM64

ggscout-0.28.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (11.3 MB view details)

Uploaded Python 3manylinux: glibc 2.17+ x86-64

ggscout-0.28.0-py3-none-macosx_11_0_arm64.whl (9.9 MB view details)

Uploaded Python 3macOS 11.0+ ARM64

ggscout-0.28.0-py3-none-macosx_10_12_x86_64.whl (10.8 MB view details)

Uploaded Python 3macOS 10.12+ x86-64

File details

Details for the file ggscout-0.28.0-py3-none-musllinux_1_2_x86_64.whl.

File metadata

File hashes

Hashes for ggscout-0.28.0-py3-none-musllinux_1_2_x86_64.whl
Algorithm Hash digest
SHA256 fbb149776fc0573431ed66948e9a9095aab04aa1b6f0435e30578d2e39044385
MD5 545207fbad6dab3eac7ea1b989cca657
BLAKE2b-256 8aa185168bb5cfe9599956e7c4ec5fbc8b1a5bad3c0ee619b4ce0de9543c1edb

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.28.0-py3-none-musllinux_1_2_x86_64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.28.0-py3-none-musllinux_1_2_aarch64.whl.

File metadata

File hashes

Hashes for ggscout-0.28.0-py3-none-musllinux_1_2_aarch64.whl
Algorithm Hash digest
SHA256 57b5c9a1610794ff1c923057f58fc5fc4a29d86a86617085cf83d1744233b932
MD5 cd33927663035794608d0d15cdea3f99
BLAKE2b-256 5690275f39470a33711a4fe786613256df9c71785c783acce59fd20a8be32d47

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.28.0-py3-none-musllinux_1_2_aarch64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.28.0-py3-none-manylinux_2_28_aarch64.whl.

File metadata

File hashes

Hashes for ggscout-0.28.0-py3-none-manylinux_2_28_aarch64.whl
Algorithm Hash digest
SHA256 574428700356a5f8192d45b2bc2d33a33cec91d473058bbab650a88756873166
MD5 c8aad750beb80e13db1ff2fd2ea212dc
BLAKE2b-256 5d3a2f2544aeec1a007d28663ec7b2b66a5bab6f60e5767fd37357e376e7331f

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.28.0-py3-none-manylinux_2_28_aarch64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.28.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.

File metadata

File hashes

Hashes for ggscout-0.28.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Algorithm Hash digest
SHA256 08cb28db45885386c73b1b42e2076e5a65d5d2cae21b34465c1a09c2c7645e94
MD5 498410dd83b7c091576b6a554ca879d0
BLAKE2b-256 fb142716e9e6edd35243119085af9ce2ee8d02b665da1c07a0a172ff96747002

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.28.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.28.0-py3-none-macosx_11_0_arm64.whl.

File metadata

File hashes

Hashes for ggscout-0.28.0-py3-none-macosx_11_0_arm64.whl
Algorithm Hash digest
SHA256 3e61bf510fa203592f48cd0c053fc212c86f2afbaecd1064f618d24b123a9835
MD5 56e58414724e1a61489b5569e22d8bff
BLAKE2b-256 484df60c9d14e8bd91d972133f7267fb190e48ad4f875bc9aabbc46272131590

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.28.0-py3-none-macosx_11_0_arm64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.28.0-py3-none-macosx_10_12_x86_64.whl.

File metadata

File hashes

Hashes for ggscout-0.28.0-py3-none-macosx_10_12_x86_64.whl
Algorithm Hash digest
SHA256 63b142288c8fcfa07553b41513b07e51c3c8fb9473280322ae048b0bd4e73bf9
MD5 0f65d63af6d451daa710812ab2bea318
BLAKE2b-256 0168535893176bb9f05ba89220f367efb9a33d7be667ef96d9126afc907b166d

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.28.0-py3-none-macosx_10_12_x86_64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page