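GitLab key scanner. Important: this won't scale. The script copies every repository into /tmp before scanning it, so it needs roughly as much free disk space as the repositories themselves occupy. If your GitLab server is above 50% disk utilization, consider using a storage solution like NFS to offload things.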
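#!/bin/bash
#
# GitLab key scanner: copies the repositories found under REPO_LOCATION into
# /tmp, then runs trufflehog (regex rules, entropy checks off) against each
# *.git directory in the copy.
#
# Operational notes:
#   - The working copies live at fixed paths under /tmp (/tmp/scanresults,
#     /tmp/activescanning, /tmp/results). Run this only on a host where other
#     local accounts are trusted, and make sure the copies are removed after.
#   - trufflehog findings are printed to stdout, so treat the terminal
#     scrollback or any captured log as sensitive.

# Location of the repositories on your GitLab server. Edit the default below,
# or set REPO_LOCATION in the environment to override it without editing.
REPO_LOCATION="${REPO_LOCATION:-/home/gitlab/repositories}"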
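#######################################
# Copy the production repositories into a scratch directory for scanning.
# Globals:   REPO_LOCATION (read) - directory holding the repositories
# Arguments: none
# Outputs:   progress messages on stdout, errors on stderr
# Returns:   0 on success, non-zero if the scratch directory cannot be
#            created or the copy fails
#######################################
cp_repos() {
  local -r staging=/tmp/scanresults

  if [[ -z "${REPO_LOCATION:-}" ]]; then
    echo "REPO_LOCATION is not set" >&2
    return 1
  fi

  echo "Removing past repo data"
  rm -rf -- "$staging"

  echo "Creating directory structure"
  # Plain mkdir (no -p) fails if the path reappeared after the rm above, and
  # -m 700 keeps the copied repository data unreadable to other local users.
  # The path is still a predictable name under /tmp; a mktemp -d directory
  # would be more robust but needs the caller changed to match.
  mkdir -m 700 -- "$staging" || return 1

  echo "Copying repo data from production"
  cp -r -- "$REPO_LOCATION" "$staging"
}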
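#######################################
# Scan one copied repository with trufflehog.
# Arguments: $1 - path to a repository directory (e.g. .../namespace/repo.git)
# Outputs:   progress messages and trufflehog findings on stdout. Findings
#            contain the matched secrets, so handle captured output as
#            sensitive.
# Returns:   trufflehog's exit status, or 1 if the working copy cannot be
#            prepared
# Side effects: changes the current directory to the working copy.
#######################################
scan_repo() {
  local -r scan_root=/tmp/activescanning
  local src=${1%/}
  local base repo parent namespace work

  echo "Passed: $1"

  # repo = last path component without its final extension,
  # namespace = name of the directory that contains it.
  base=${src##*/}
  repo=${base%.*}
  parent=${src%/*}
  namespace=${parent##*/}

  # These names become path components under /tmp, so refuse values that
  # would resolve outside the intended working directory.
  case "$repo" in
    '' | . | ..)
      echo "Refusing to scan '$1': unusable repository name" >&2
      return 1
      ;;
  esac
  case "$namespace" in
    '' | . | ..)
      echo "Refusing to scan '$1': unusable namespace name" >&2
      return 1
      ;;
  esac

  # Keep the working copies private to the invoking user. The path is still a
  # predictable name under /tmp; a mktemp -d directory would be more robust.
  if ! mkdir -p -- "$scan_root" || ! chmod 700 -- "$scan_root"; then
    echo "Cannot prepare private $scan_root" >&2
    return 1
  fi

  echo "Scanning $repo in $namespace"

  # Key the working copy by namespace as well as repo name, and start from an
  # empty directory: two repositories with the same name would otherwise be
  # copied on top of each other.
  work="$scan_root/$namespace/$repo"
  rm -rf -- "$work"
  mkdir -p -- "$work" || return 1
  cp -r -- "$src" "$work/.git/" || return 1

  # Without this check a failed cd would run git and trufflehog in whatever
  # directory the caller happened to be in.
  cd -- "$work" || return 1

  # Make sure we're in a good state in the repo. Both commands are best
  # effort; their errors are deliberately discarded.
  # NOTE(review): git runs here against the copied repository's own config
  # and hooks directory - confirm that content is trusted on this host.
  git init 2>/dev/null
  git checkout master 2>/dev/null

  # Nothing in this function writes to this directory; trufflehog reports on
  # stdout.
  mkdir -p -- "/tmp/results/$repo"

  trufflehog file://. --entropy=False --regex
}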
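#######################################
# Delete every scratch directory the scanner uses under /tmp, including the
# copies of the repositories.
# Arguments: none
# Returns:   exit status of the last rm
#######################################
cleanup() {
  local scratch
  for scratch in /tmp/results /tmp/scanresults /tmp/activescanning; do
    rm -rf -- "$scratch"
  done
}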
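# Remove the repository copies on every exit path (error, Ctrl-C, normal
# end), so an interrupted run does not leave them behind in /tmp.
trap cleanup EXIT

# Start from a clean slate, then stage the repositories. Stop if staging
# fails rather than scanning a partial or stale copy.
cleanup
cp_repos || exit 1

# NUL-delimited names and a quoted argument keep paths containing whitespace
# intact; -type d skips plain files that merely end in ".git".
find /tmp/scanresults -type d -name "*.git" -print0 |
  while IFS= read -r -d '' repo_dir; do
    # stdin is the list of repositories; keep the scanner from consuming it.
    scan_repo "$repo_dir" </dev/null
  done

cleanup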