artemrys/detect-gh-actions-unused-secrets

detect-gh-actions-unused-secrets

Detects secrets that are defined in the repository and are not used in GitHub Actions.

What it does:

  • Get repository secrets using GitHub Actions API
  • Clone the repository
  • Search through the GitHub Actions related files (.github/workflows/*.yaml and .github/workflows/*.yml) and try to find usages of each secret
  • Report those secrets which are not found
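The search-and-report steps above, sketched as an added example (not the project's own code; the page does not say how the tool matches usages). It assumes the secret names have already been fetched, uses constructed workflow files, and the function names are hypothetical.

```python
import re
import tempfile
from pathlib import Path

# secrets.NAME or secrets['NAME']; expression string literals use single quotes.
SECRET_REF = re.compile(
    r"\bsecrets\s*(?:\.\s*(\w+)|\[\s*'(\w+)'\s*\])", re.IGNORECASE)
# A reusable-workflow call with `secrets: inherit` passes every secret along.
INHERIT = re.compile(r"^\s*secrets:\s*inherit\s*(?:#.*)?$", re.I | re.M)


def find_unused_secrets(defined, repo_root):
    """Return (unused secret names, workflow files using `secrets: inherit`)."""
    referenced, inherits = set(), []
    wf_dir = Path(repo_root) / ".github" / "workflows"
    for path in sorted(wf_dir.glob("*.y*ml")):
        if path.suffix not in (".yml", ".yaml"):
            continue
        text = path.read_text(encoding="utf-8")
        for dotted, indexed in SECRET_REF.findall(text):
            # Secret names are compared case-insensitively.
            referenced.add((dotted or indexed).upper())
        if INHERIT.search(text):
            inherits.append(path.name)
    unused = sorted(n for n in defined if n.upper() not in referenced)
    return unused, inherits


def build_sample_repo(root):
    """Write two constructed workflow files under root (sample data)."""
    wf_dir = Path(root) / ".github" / "workflows"
    wf_dir.mkdir(parents=True)
    (wf_dir / "ci.yml").write_text(
        "jobs:\n  test:\n    runs-on: ubuntu-latest\n    steps:\n"
        "      - run: ./upload.sh\n        env:\n"
        "          PYPI: ${{ secrets.PYPI_TOKEN }}\n"
        "          COV: ${{ secrets['codecov_token'] }}\n")
    (wf_dir / "release.yaml").write_text(
        "jobs:\n  call:\n    uses: ./.github/workflows/ci.yml\n"
        "    secrets: inherit\n")


if __name__ == "__main__":
    defined = ["PYPI_TOKEN", "CODECOV_TOKEN", "OLD_DEPLOY_KEY"]  # constructed
    with tempfile.TemporaryDirectory() as repo:
        build_sample_repo(repo)
        unused, inherits = find_unused_secrets(defined, repo)
    print("unused:", unused)
    if inherits:
        print("review by hand, secrets: inherit in", inherits)
```

When a workflow passes `secrets: inherit` to a workflow in another repository, a secret reported as unused may still be consumed there, so check the called workflow before deleting anything.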

Prerequisites

Installation

pip install detect-gh-actions-unused-secrets

Usage

detect-gh-actions-unused-secrets <token> <owner>/<repo1> <owner>/<repo2>

--generate-curls

Generates a text file with curl commands that delete all unused secrets in the repositories that were scanned.

detect-gh-actions-unused-secrets <token> <owner>/<repo1> --generate-curls

This command produces a file called curls.sh containing one curl command per line to delete each unused secret in the <owner>/<repo1> repository. This endpoint will be utilized.
