GitLab Watchman - Audit Gitlab For Sensitive Data & Creds
source link: https://www.darknet.org.uk/2021/02/gitlab-watchman-audit-gitlab-for-sensitive-data-credentials/
GitLab Watchman is an application that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, including code, commits, wiki pages and more.
GitLab Watchman searches GitLab for internally shared projects and looks at:
- Commits
- Wiki pages
- Issues
- Merge requests
- Milestones
For the following data:
- GCP keys and service account files
- AWS keys
- Azure keys and service account files
- Google API keys
- Slack API tokens & webhooks
- Private keys (SSH, PGP, any other misc private key)
- Exposed tokens (Bearer tokens, access tokens, client_secret etc.)
- S3 config files
- Passwords in plaintext
- CI/CD variables exposed publicly
- and more
Using GitLab Watchman to Audit Gitlab For Sensitive Data
GitLab Watchman is installed as a global command and used as follows:
You can run GitLab Watchman to look for everything and output to stdout (the default):
Alternatively, arguments can be combined to search more granularly. The following looks at commits and milestones for the last 30 days and outputs the results to a TCP stream:
Logging in GitLab Watchman to Audit Gitlab For Sensitive Data
GitLab Watchman gives the following logging options:
- Log file
- Stdout
- TCP stream
Results are output in JSON format, perfect for ingesting into a SIEM or other log analysis platform.
For file and TCP stream logging, configuration options need to be passed via a .conf file or environment variables. See the file docs/logging.md for instructions on how to set it up.
If no logging option is given, GitLab Watchman defaults to Stdout logging.
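To illustrate the two ideas above, the signature-based search over GitLab content and the JSON output meant for a SIEM, here is a small added example (not GitLab Watchman's own code or signatures). It scans a constructed commit diff with a few detector patterns for the secret classes the list mentions and emits one redacted JSON record per hit; the project name, commit reference and patterns are assumptions made for the example.

```python
import json
import re

# Detector patterns for a few of the secret classes listed above.
# Constructed for this example; not GitLab Watchman's signature set.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "slack_webhook": re.compile(
        r"https://hooks\.slack\.com/services/T[0-9A-Z]+/B[0-9A-Z]+/[0-9A-Za-z]+"),
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH |PGP )?PRIVATE KEY-----"),
    "bearer_token": re.compile(r"(?i)\bbearer\s+[A-Za-z0-9\-._~+/]{20,}=*"),
}

# Constructed sample: what a commit diff fetched via the GitLab API might contain.
# The AWS key is the public documentation example, not a live credential.
SAMPLE_COMMIT_DIFF = """\
+AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
+SLACK_HOOK=https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX
+# nothing secret on this line
+-----BEGIN RSA PRIVATE KEY-----
+curl -H "Authorization: Bearer abcdefghijklmnopqrstuvwxyz0123456789"
"""


def redact(secret):
    # Keep enough of the value for the owner to locate it, never the whole thing.
    return secret[:4] + "..." + secret[-4:]


def scan_text(text, *, project, location, kind):
    """Return one JSON-serialisable finding per pattern hit, line by line."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for name, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append({
                    "project": project,
                    "kind": kind,          # commit, wiki_page, issue, merge_request, milestone
                    "location": location,  # e.g. commit SHA or wiki page slug
                    "line": line_no,
                    "signature": name,
                    "match": redact(match.group(0)),
                })
    return findings


def to_json_lines(findings):
    # One JSON object per line: the shape most SIEM log shippers ingest directly.
    return "\n".join(json.dumps(f, sort_keys=True) for f in findings)


def audit_sample():
    return scan_text(SAMPLE_COMMIT_DIFF, project="example-group/example-project",
                     location="commit 0123abcd (constructed)", kind="commit")


if __name__ == "__main__":
    print(to_json_lines(audit_sample()))
```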
You can download GitLab Watchman here:
Or read more here.