Tool for verifying security controls in GitHub Enterprise repositories.
Binary distributions are available in the releases section.
Install the Lava command with go install.
go install github.com/adevinta/ghe-reposec@latestghe-reposec requires Lava in order to run.
The ghe-reposec tool can be configured using environment variables. Below are the available configuration options:
REPOSEC_LOG_LEVEL: The log level (default:info). Possible values:debug,info,warn,error.REPOSEC_LOG_OUTPUT: The log output (default:stdout). Possible values:stdout,stderr.REPOSEC_LOG_OUTPUT_FORMAT: The log output format (default:text). Possible values:text,json.REPOSEC_TARGET_ORG: The target GitHub organization.REPOSEC_OUTPUT_FILE: The output file path (default:/tmp/reposec.csv).REPOSEC_OUTPUT_FORMAT: The output format (default:csv). Possible values:csv,json.
REPOSEC_GHE_TOKEN: The GitHub Enterprise token (required).REPOSEC_GHE_BASE_URL: The GitHub Enterprise base URL (required).REPOSEC_GHE_CONCURRENCY: The number of concurrent requests to GitHub Enterprise (default:15).REPOSEC_GHE_REPOSITORY_SIZE_LIMIT: The maximum repository size in KB (default:3145728).REPOSEC_GHE_INCLUDE_ARCHIVED: Include archived repositories (default:false).REPOSEC_GHE_INCLUDE_EMPTY: Include empty repositories (default:false).REPOSEC_GHE_INCLUDE_FORKS: Include forked repositories (default:false).REPOSEC_GHE_INCLUDE_TEMPLATES: Include template repositories (default:false).REPOSEC_GHE_INCLUDE_DISABLED: Include disabled repositories (default:false).REPOSEC_GHE_MIN_LAST_ACTIVITY_DAYS: The minimum number of days since the last activity in the repository (default:0).
REPOSEC_LAVA_CONCURRENCY: The number of concurrent Lava scans (default:10).REPOSEC_LAVA_BINARY_PATH: The path to the Lava binary (default:/usr/bin/lava).REPOSEC_LAVA_CHECK_IMAGE: The Lava check image (default:vulcansec/vulcan-repository-sctrl:a20516f-4aae88d).LAVA_RESULTS_PATH: The path where Lava results (stdout and stderr) will be stored if specified.
We are not accepting external contributions at the moment.