For checking what collaborators, hooks, deploy keys, and protected branches you have added on all your GitHub repositories. This also scans all an organization's repos you have permission to view. Because nobody has enough RAM in their brain to remember this stuff for 100+ repos.
Check out genuinetools/pepper for setting all your GitHub repo's master branches to be protected. Pepper even has settings for organizations and a dry-run flag for the paranoid.
- darwin 386 / amd64
- freebsd 386 / amd64
- linux 386 / amd64 / arm / arm64
- solaris amd64
- windows 386 / amd64
$ go get github.com/genuinetools/audit
$ audit -h
_ _ _
__ _ _ _ __| (_) |_
/ _` | | | |/ _` | | __|
| (_| | |_| | (_| | | |_
\__,_|\__,_|\__,_|_|\__|
Auditing what collaborators, hooks, and deploy keys you have added on all your GitHub repositories.
Version: v0.4.3
Build: a55701b
-d run in debug mode
-owner
only audit repos the token owner owns
-repo string
specific repo to test (e.g. 'genuinetools/audit')
-token string
GitHub API token (or env var GITHUB_TOKEN)
-v print version and exit (shorthand)
-version
print version and exit
$ audit --token 12345
genuinetools/apk-file ->
Hooks (1):
travis - active:true (https://api.github.com/repos/genuinetools/apk-file/hooks/8426605)
Protected Branches (1): master
--
genuinetools/apparmor-docs ->
Keys (1):
jenkins - ro:false (https://api.github.com/repos/genuinetools/apparmor-docs/keys/18549738)
Unprotected Branches (1): master
--
genuinetools/bane ->
Hooks (1):
travis - active:true (https://api.github.com/repos/genuinetools/bane/hooks/6178025)
Protected Branches (1): master
--
genuinetools/battery ->
Hooks (1):
travis - active:true (https://api.github.com/repos/genuinetools/battery/hooks/8388640)
Protected Branches (1): master
Unprotected Branches (1): WIP
--
genuinetools/irssi ->
Collaborators (3): tianon, genuinetools, docker-library-bot
Hooks (1):
docker - active:true (https://api.github.com/repos/genuinetools/irssi/hooks/3918042)
Protected Branches (1): master
--