1.0.1 - 2020-11-14

Fixed

• Retry added for occasional Requests HTTPSConnectionPool error

Initial Release

GitHub Watchman is an application that uses the GitHub API to audit GitHub for sensitive data and credentials exposed internally.

Features

It searches GitHub for internally shared projects and looks at:

• Code
• Commits
• Issues
• Repositories

For the following data:

• GCP keys and service account files
• AWS keys
• Azure keys and service account files
• Google API keys
• Slack API tokens & webhooks
• Private keys (SSH, PGP, any other misc private key)
• Exposed tokens (Bearer tokens, access tokens, client_secret etc.)
• S3 config files
• Passwords in plaintext
• and more

Time based searching

You can run GitHub Watchman to look for results going back as far as:

• 24 hours
• 7 days
• 30 days
• All time

This means after one deep scan, you can schedule GitHub Watchman to run regularly and only return results from your chosen timeframe.