GitHub repositories created under any organization can be controlled by the GitHub administrators. However any repository created under an organization's user account is not controllable unless the organisation has adopted the GitHub enterprise-managed user (EMU) model.

Any public repository under the organization's user account that was created accidentally or for testing purposes could leak secrets, internal information, code etc. GitAlerts helps you detect and monitor such cases

Can be controlled by the administrator https://github.com/<org>/<org-repo-name>

Can't be controlled by the administrator https://github.com/<org-user>/<org-user-repo-name>

• Download the binary file for your operating system / architecture from the Official GitHub Releases

• You can also install git-alerts using homebrew in MacOS and Linux

brew tap boringtools/tap
brew install boringtools/tap/git-alerts

• Alternatively, build from source

Ensure $(go env GOPATH)/bin is in your $PATH

go install github.com/boringtools/git-alerts@main

Setup GitHub personal access token (PAT) as the environment variable, without PAT GitHub will only allow 60 request per hour.

export GITHUB_PAT=YOUR_GITHUB_PAT

Scan GitHub repositories belonging to your organization users

git-alerts scan --org your-org-name

Monitor new public repositories being created by your organization users

git-alerts monitor --org your-org-name

Monitor new public repositories being created by your organization users with slack notification

git-alerts monitor --org your-org-name --slack-alert

Setup slack webhook token as the environment variable

export SLACK_HOOK=SLACK_WEBHOOK_URL

Scan and generate report with custom path

git-alerts scan --org your-org-name --report-path /your/file/path/

Scan with secrets detection using Trufflehog

Ensure trufflehog is installed in your machine

git-alerts detect --org your-org-name

docs

Please feel to reach out for any feedback and suggestions