Read the original article: GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an application that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally – this includes code, commits, wiki pages and more.
GitLab Watchman searches GitLab for internally shared projects and looks at:
- Code
- Commits
- Wiki pages
- Issues
- Merge requests
- Milestones
For the following data:
- GCP keys and service account files
- AWS keys
- Azure keys and service account files
- Google API keys
- Slack API tokens & webhooks
- Private keys (SSH, PGP, any other misc private key)
- Exposed tokens (Bearer tokens, access tokens, client_secret etc.)
- S3 config files
- Passwords in plaintext
- CICD variables exposed publicly
- and more
Using GitLab Watchman to Audit Gitlab For Sensitive Data
GitLab Watchman will be installed as a global command, use as follows:
usage: gitlab-watchman [-h] –timeframe {d,w,m,a} –output
{file,stdout,stream} [–version] [–all] [–blobs]
[–commits] [–wiki-blobs] [–issues] [–merge-requests]
[–milestones] [–comments]
Monitoring GitLab for sensitive data shared publicly
optional arguments:
-h, –help show this help message and exit
–version show program’s version number and exit
–all Find everything
–blobs Search code blobs
–commits Search commits
–wiki-blobs Search wiki blobs
–issues Search issues
–merge-requests Search merge requests
–milestones Search milestones
–comments Search comments
required arguments:
–timeframe {d,w,m,a}
How far back to search: d = 24 hours w = 7 days, m =
30 days, a = all time
–output {file,stdout,stream}
Where to send results
You can run GitLab Watchman to look for everything, and output to default Stdout:
gitlab-watchman –timeframe a –all
Or arguments can be grouped together to search more granularly.
Read the original article: GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials