git-gouger is a tool that checks a Git repository for best practice and security configurations.
It can be run with python3 main.py {org} {repo} [token]
Currently, git-gouger will gouge out the configurations of a repo to determine if best practices are being followed. The focus is on security configurations with plans to dive deeper into the information that can be pulled with git.
Currently git-gouger checks:
- Branch Protection is enabled
- Code Scanning is enabled
- Dependabot is enabled
- README.md exists
- Secret Scanning is enabled
- SECURITY.md exists
- Private vulnerability reporting is enabled
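As an added example (not git-gouger's own code), here are the checks above written as one Python function over the GitHub REST API. The endpoint paths are the public REST API's; the org/repo names and the sample responses are constructed so the checks run offline, and the fetch function is injectable so the same logic can be pointed at the live API with a token. A 401/403 is reported as "unknown" rather than "disabled", since several of these endpoints are only readable with the right permissions.

```python
import json
import urllib.error
import urllib.request

API = "https://api.github.com"

def github_fetch(token=None):
    """Build fetch(path) -> (status, body) against the live API (optional bearer token)."""
    headers = {"Accept": "application/vnd.github+json"}
    if token:
        headers["Authorization"] = f"Bearer {token}"
    def fetch(path):
        try:
            with urllib.request.urlopen(urllib.request.Request(API + path, headers=headers)) as r:
                raw = r.read()
                return r.status, (json.loads(raw) if raw else None)
        except urllib.error.HTTPError as e:
            return e.code, None
    return fetch

def check_repo(org, repo, fetch, branch="main"):
    """Return {check: True|False|None}; None means access was denied (401/403)."""
    base = f"/repos/{org}/{repo}"
    def probe(path, ok=200):          # ok=200 for "exists", 204 for vulnerability-alerts
        status, body = fetch(base + path)
        return (None, body) if status in (401, 403) else (status == ok, body)
    meta_ok, meta = probe("")
    # secret_scanning is only present when the caller may see it; absent -> unknown
    ss = ((meta or {}).get("security_and_analysis") or {}).get("secret_scanning")
    pvr_ok, pvr = probe("/private-vulnerability-reporting")
    return {
        "branch_protection": probe(f"/branches/{branch}/protection")[0],   # 404 = unprotected
        "code_scanning": probe("/code-scanning/alerts")[0],                # 404 = not set up
        "dependabot": probe("/vulnerability-alerts", ok=204)[0],           # 204 = enabled
        "readme": probe("/readme")[0],
        "secret_scanning": None if (meta_ok is None or ss is None) else ss.get("status") == "enabled",
        "security_md": probe("/contents/SECURITY.md")[0],
        "private_vulnerability_reporting": None if pvr_ok is None else bool((pvr or {}).get("enabled")),
    }

# Constructed sample responses (not real API output) so the checks run offline.
SAMPLE = {
    "/repos/acme/widget": (200, {"security_and_analysis": {"secret_scanning": {"status": "enabled"}}}),
    "/repos/acme/widget/branches/main/protection": (404, None),
    "/repos/acme/widget/code-scanning/alerts": (403, None),
    "/repos/acme/widget/vulnerability-alerts": (204, None),
    "/repos/acme/widget/readme": (200, {"name": "README.md"}),
    "/repos/acme/widget/private-vulnerability-reporting": (200, {"enabled": True}),
}
sample_fetch = lambda path: SAMPLE.get(path, (404, None))

if __name__ == "__main__":
    for name, state in check_repo("acme", "widget", sample_fetch).items():
        print(f"{name:32} {'enabled' if state else 'unknown' if state is None else 'DISABLED'}")
```

Replace `sample_fetch` with `github_fetch(token)` to run the same checks against a real repository.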
The goal is to help any developer or security engineer understand what is enabled on any git repo. It can also be used as a tool to fit into a larger recon effort (for pentesters).
TODO:
- Add in a contribution.md (and more documentation)
- Group check outputs
- Implement GraphQL option with auth
- Implement a safe option to inspect code within the repo (and extend tools like git-secrets etc)
- Add in additional checks to make the tool feature rich
- Extend to GitLab