Finding exposed secrets and personal data in GitLab
This major version release brings multiple updates to GitLab Watchman in usability, functionality and behind the scenes improvements.
GITLAB_WATCHMAN_TOKEN
and GITLAB_WATCHMAN_URL
Breaking changes:
GitLab Watchman is an application that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally.
It searches GitLab for internally shared projects and looks at:
For the following data:
You can run GitLab Watchman to look for results going back as far as:
This means after one deep scan, you can schedule GitLab Watchman to run regularly and only return results from your chosen timeframe.