GitHub audit, governance, and inventory for organizations
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Project description
gh-audit
GitHub audit, governance, and inventory for organizations.
gh-audit produces a comprehensive inventory of your GitHub organization -- repositories, members, Actions workflows, security posture, packages, and projects -- and generates JSON, HTML, and Excel reports. It supports standard (fast) and deep (thorough) scan profiles, multi-organization scanning via YAML config, and both PAT and GitHub App authentication.
A free tool by N8 Group -- DevOps Transformation. Executed with Precision.
Installation
pip (Python 3.11+)
pip install gh-audit
gh-audit --version
Homebrew (macOS / Linux)
brew tap n8group-oss/tap
brew install gh-audit
Chocolatey (Windows)
choco install gh-audit
New Chocolatey packages can take time to appear publicly while community
moderation completes. If gh-audit is not visible yet, download the .nupkg
asset from GitHub Releases
and install it from the folder where you saved it:
choco install gh-audit --source="'C:\path\to\package-folder'"
Direct download
Download standalone binaries, checksums, and release artifacts from GitHub Releases. Standalone executables are available for Linux (amd64), macOS (amd64, arm64), and Windows (amd64).
Quick Start
Single organization (PAT)
gh-audit discover --organization myorg --token ghp_xxxxx
Single organization (GitHub App -- recommended)
gh-audit discover \
--organization myorg \
--app-id 12345 \
--private-key-path /path/to/key.pem \
--installation-id 67890
Multi-organization (config file)
gh-audit discover --config gh-audit.yml --output-dir ./results
See examples/gh-audit.yml for the config format.
Interactive setup
gh-audit init
Creates a .env file with your credentials. Then run:
gh-audit discover
Scan Profiles
| Profile | Default | What it does |
|---|---|---|
standard |
Yes | Repository metadata, PR/issue/branch counts, workflow listing, security feature status, users, packages, projects |
deep |
No | Everything in standard + recursive tree walk (large file detection), workflow YAML parsing (action usage, self-hosted runners), exact security alert counts |
gh-audit discover --organization myorg --token ghp_xxx --scan-profile deep
Individual deep features can be toggled independently:
gh-audit discover --organization myorg --token ghp_xxx \
--scan-large-files \
--scan-workflow-contents \
--security-alert-counts
Output
Every scan produces three artifacts:
| Format | File | Purpose |
|---|---|---|
| JSON | {org}-inventory.json |
Machine-readable inventory |
| HTML | {org}-report.html |
Self-contained visual report (offline, no CDN) |
| Excel | {org}-inventory.xlsx |
10-sheet workbook for analysis and sharing |
Regenerate reports from an existing inventory:
gh-audit report --inventory myorg-inventory.json
Authentication
Personal Access Token (PAT)
Required scopes (classic): repo, read:org, read:packages, read:project, security_events
Set via CLI flag, environment variable, or .env file:
export GH_AUDIT_TOKEN=ghp_xxxxx
export GH_AUDIT_ORGANIZATION=myorg
GitHub App (recommended)
Better rate limits (15,000 req/hr vs 5,000) and org-level permissions.
Required permissions: Repository metadata (read), Organization members (read), Actions (read), Packages (read), Security events (read).
export GH_AUDIT_APP_ID=12345
export GH_AUDIT_PRIVATE_KEY_PATH=/path/to/key.pem
export GH_AUDIT_INSTALLATION_ID=67890
export GH_AUDIT_ORGANIZATION=myorg
GitHub Enterprise Server
export GH_AUDIT_API_URL=https://github.mycompany.com/api/v3
Multi-Organization Config
Scan multiple organizations with different credentials in one run:
defaults:
scan_profile: standard
concurrency: 8
organizations:
- name: org-one
token: ${GH_TOKEN_ORG_ONE}
- name: org-two
app_id: 12345
private_key_path: /path/to/key.pem
installation_id: 67890
scan_profile: deep
gh-audit discover --config gh-audit.yml --output-dir ./results
Each organization gets its own output directory. A cross-org summary
(summary.json + summary.html) is generated at the root.
License
Business Source License 1.1 -- free to use for internal purposes. See LICENSE for full terms.
Contact
N8 Group -- European leader in AI-powered DevOps solutions.
- Web: n8-group.com
- Email: sales@n8-group.com
- LinkedIn: N8 Group
- Phone: +48 12 300 25 80
Project details
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file gh_audit-0.2.1.tar.gz.
File metadata
- Download URL: gh_audit-0.2.1.tar.gz
- Upload date:
- Size: 197.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3ab5a583f38c34f7bed09e41c67e50f352f5bf19476b0d298c8e208d677b8d4a
|
|
| MD5 |
ab068e4f98decbb87319fc0f85eff266
|
|
| BLAKE2b-256 |
242c1d504994d3f73b574a69e2852444b995b521befcfef742c08079248dafcd
|
Provenance
The following attestation bundles were made for gh_audit-0.2.1.tar.gz:
Publisher:
release.yml on n8group-oss/gh-audit
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
gh_audit-0.2.1.tar.gz -
Subject digest:
3ab5a583f38c34f7bed09e41c67e50f352f5bf19476b0d298c8e208d677b8d4a - Sigstore transparency entry: 1214012822
- Sigstore integration time:
-
Permalink:
n8group-oss/gh-audit@ea6201c0c80cae8fb44dc5d7e5b8cbb27c79df63 -
Branch / Tag:
refs/tags/v0.2.1 - Owner: https://github.com/n8group-oss
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@ea6201c0c80cae8fb44dc5d7e5b8cbb27c79df63 -
Trigger Event:
workflow_dispatch
-
Statement type:
File details
Details for the file gh_audit-0.2.1-py3-none-any.whl.
File metadata
- Download URL: gh_audit-0.2.1-py3-none-any.whl
- Upload date:
- Size: 110.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f256ad8f6a41529b75c8a51588053900c9d73aec63c4e144b62452691859becb
|
|
| MD5 |
2424af7333229a80fb457cad0cba0bb7
|
|
| BLAKE2b-256 |
0ee169ba88c68a9a511b4538ce19eeca063aedfc0354c5b0c99dd0d4495b3169
|
Provenance
The following attestation bundles were made for gh_audit-0.2.1-py3-none-any.whl:
Publisher:
release.yml on n8group-oss/gh-audit
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
gh_audit-0.2.1-py3-none-any.whl -
Subject digest:
f256ad8f6a41529b75c8a51588053900c9d73aec63c4e144b62452691859becb - Sigstore transparency entry: 1214012903
- Sigstore integration time:
-
Permalink:
n8group-oss/gh-audit@ea6201c0c80cae8fb44dc5d7e5b8cbb27c79df63 -
Branch / Tag:
refs/tags/v0.2.1 - Owner: https://github.com/n8group-oss
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@ea6201c0c80cae8fb44dc5d7e5b8cbb27c79df63 -
Trigger Event:
workflow_dispatch
-
Statement type:
