Skip to content

v1.0.0 - First Stable Release

Latest
Latest

Choose a tag to compare

View all tags
@sl4x0 sl4x0 released this 02 Jul 19:29
· 2 commits to main since this release
v1.0.0
b19613f

🎉 ghmon-cli v1.0.0 - Repository Security Scanner

This is the first stable release of ghmon-cli, a comprehensive command-line tool for scanning GitHub and GitLab repositories for leaked secrets using TruffleHog.

✨ Key Features

  • 🔍 Multi-platform scanning - GitHub and GitLab repository discovery and scanning
  • 🔐 TruffleHog integration - Verified secret detection with high confidence filtering
  • 📢 Real-time notifications - Discord and Telegram alerts for new findings
  • ⏰ Continuous monitoring - Automated background scanning with configurable intervals
  • 🔄 Smart token management - Intelligent rotation and rate limit handling
  • 📊 Comprehensive tracking - Detailed logging and result persistence

🔒 Security

  • All hardcoded credentials removed - Safe for public deployment
  • Secure configuration templates - Placeholder values with setup instructions
  • Notifications disabled by default - Prevents accidental usage
  • Production-ready - Thoroughly reviewed and tested

📦 Installation

Option 1: Install from GitHub Releases (Recommended)

# Download and install the wheel package
wget https://github.com/sl4x0/ghmon/releases/download/v1.0.0/ghmon_cli-1.0.0-py3-none-any.whl
pip install ghmon_cli-1.0.0-py3-none-any.whl

Option 2: Install from Source

# Download and install the source distribution
wget https://github.com/sl4x0/ghmon/releases/download/v1.0.0/ghmon_cli-1.0.0.tar.gz
pip install ghmon_cli-1.0.0.tar.gz

Option 3: Clone and Install

git clone https://github.com/sl4x0/ghmon.git
cd ghmon
pip install -e .

🚀 Quick Start

  1. Configure your environment:

    cp ghmon_config.yaml.example ghmon_config.yaml
# Edit ghmon_config.yaml with your API tokens and notification settings

  2. Test your setup:

    python -m ghmon_cli notify --test --config ghmon_config.yaml

  3. Run your first scan:

    python -m ghmon_cli scan -o YOUR_ORG_NAME --config ghmon_config.yaml

  4. Start continuous monitoring:

    python -m ghmon_cli monitor --config ghmon_config.yaml

📋 Requirements

🔧 Configuration

The tool requires configuration of:

  • GitHub/GitLab API tokens
  • Discord webhook URLs (optional)
  • Telegram bot credentials (optional)
  • Target organizations to scan

See ghmon_config.yaml.example for detailed configuration instructions.

📚 Documentation

Full documentation is available in the README.

🐛 Bug Reports

Please report issues on the GitHub Issues page.

Ready for production use! 🚀

Assets 4
Loading