Use this to scan an entire GitHub organisation for:
- Access keys
- Unsafe dependencies
- Static source code analysis (JavaScript only)
- Clone:
  `git clone git@github.com:hjfitz/org-scanner.git`
- Install Node dependencies:
  `npm install` (or `yarn`)
- Set up environment:
  `echo GITHUB_ACCESS_TOKEN=$MYGHACCESSTOKEN > .env`
- Run:
  `node list-and-clone`
If you want to scan one repo, you can forgo a lot of the setup. Simply use scan.sh:
  `~ $ ./scan.sh $REPO_URL $ACCESS_TOKEN $REPO_NAME`