GitHub repositories created under any organization can be controlled by the GitHub administrators. However any repository created under an organization's user account is not controllable unless the organisation has adopted the GitHub enterprise-managed user (EMU) model.
Any public repository under the organization's user account that was created accidentally or for testing purposes could leak secrets, internal information, code etc. GitAlerts helps you detect and monitor such cases
Can be controlled by the administrator
https://github.com/<org>/<org-repo-name>
Can't be controlled by the administrator
https://github.com/<org-user>/<org-user-repo-name>
Setup GitHub personal access token (PAT) as the environment variable
export GITHUB_PAT=YOUR_GITHUB_PAT
go mod tidyScan GitHub repositories belonging to your organization users
go run . scan --org your-org-nameMonitor new public repositories being created by your organization users
go run . monitor --org your-org-nameMonitor new public repositories being created by your organization users with slack notification
go run . monitor --org your-org-name --slack-alertSetup slack webhook token as the environment variable
export SLACK_HOOK=SLACK_WEBHOOK_URL
Scan and generate report with custom path
go run . scan --org your-org-name --report-path /your/file/path/Scan with secrets detection using Trufflehog
Ensure trufflehog is installed in your machine
go run . detect --org your-org-namePlease feel to reach out for any feedback and suggestions