-
Notifications
You must be signed in to change notification settings - Fork 48
Architecture
Credential Digger finds credentials hardcoded in a repository. The tool is composed of:
- Database
- Python client
- User interface
The database is structured in the following way (arrows point to foreign keys). Both Postgres and Sqlite are supported.
The project includes 3 components: a db (sql
folder), a client (credentialdigger
folder), and a user interface (ui
folder).
create_table.sql
defines the db schema.
In case of Postgres, this script is launched to initialise the db. In case of sqlite, the tables are set when the client is instantiated.
Note that, given the file_name
and commit_hash
of a discovery, both the commit and the file can be accessible at addresses:
REPO_URL/commit/COMMIT_HASH
REPO_URL/blob/COMMIT_HASH/file_name
This client can be used to easily interact with the db. It offers a scanner for git repositories, based on Hyperscan (others can be implemented). Please note that the database must be up and running when using Postgres, while it is created on-the-fly when using Sqlite (if not already created).
The user interface can be used to easily perform scans and flag the discoveries.
- Installation instructions: Readme
- Preparation for the scanner's rules
- Deploy over HTTPS (Optional)
- How to update the project
- How to install on MacOS ARM
- Python library
- CLI
- Web UI through the Docker installation
- Pre-commit hook