/git-security

An application to have a better visibility on our Git repositories in GitHub Enterprise

Primary LanguageGoMIT LicenseMIT

git-security

Project description

git-security is an application that displays many git repositories information in a table view with ecommerce-like filters. It also supports changing different branch protection rule options in bulk. In order to pull in more information from other services, you can also configure custom hooks using docker images to enrich the data besides GitHub.

Architecture diagram:

alt text

Screenshot of the UI: alt text

Features

  • Ecommerce-like contextual filters
  • Columns are configurable
  • Custom data is supported using docker images
  • Bulk action on changing the branch protection rule options in many repositories

How to try it out

Pre-requisite: Docker, GitHub personal access token (from https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens)

export GITHUB_HOST=example.com
export GH_TOKEN=ghp_xyz
docker run -d -e "GH_TOKEN=$GH_TOKEN" -e "GITHUB_HOST=$GITHUB_HOST" -p 8080:8080 matthewkwong/git-security:latest

How to develop

Pre-requisite: Go 1.22+, npm

  1. Run go backend server
go run github.com/PaloAltoNetworks/git-security/cmd/git-security
  1. Run UI
cd cmd/git-security/ui
npm install
npm run dev -- --open

How to build the image

Pre-requisite: Docker

make image

or if you want to deploy to k8s with amd64 arch

make image-amd64

App options

COMMANDS:
   generate-key  generate a random encryption key for GIT_SECURITY_KEY
   help, h       Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --github-host host                  GitHub host (default: "github.com") [$GITHUB_HOST]
   --github-pat PAT                    GitHub PAT [$GITHUB_PAT, $GH_TOKEN]
   --http-port port                    HTTP port (default: 8080) [$HTTP_PORT]
   --https-ssl-cert-location location  HTTPS SSL cert location [$HTTPS_SSL_CERT_LOCATION]
   --https-ssl-key-location location   HTTPS SSL key location [$HTTPS_SSL_KEY_LOCATION]
   --https-port port                   HTTPS port (default: 443) [$HTTPS_PORT]
   --psql-host host                    PostgreSQL host (default: "localhost") [$PSQL_HOST]
   --psql-port port                    PostgreSQL port (default: 5432) [$PSQL_PORT]
   --psql-username username            PostgreSQL username (default: "postgres") [$PSQL_USERNAME]
   --psql-password password            PostgreSQL password (default: "password") [$PSQL_PASSWORD]
   --psql-dbname dbname                PostgreSQL dbname (default: "postgres") [$PSQL_DBNAME]
   --mongo-host host                   Mongo host (default: "localhost") [$MONGO_HOST]
   --mongo-port port                   Mongo port (default: 27017) [$MONGO_PORT]
   --mongo-username username           Mongo username (default: "admin") [$MONGO_USERNAME]
   --mongo-password password           Mongo password (default: "password") [$MONGO_PASSWORD]
   --debug                             debug mode (default: false) [$GIT_SECURITY_DEBUG]
   --key value                         key for encrypting the env variable values in DB [$GIT_SECURITY_KEY]
   --cacert value                      cacert for accessing the GitHub [$GIT_SECURITY_CACERT]
   --admin-username value              basic auth admin username (default: "admin") [$GIT_SECURITY_ADMIN_USERNAME]
   --admin-password value              basic auth admin password (default: "changeme") [$GIT_SECURITY_ADMIN_PASSWORD]
   --db value                          Sqlite (sqlite), PostgreSQL (pg) or Mongo (mongo) as database backend (default: "sqlite") [$GIT_SECURITY_DB]
   --help, -h                          show help
   --version, -v                       print the version

In order to encrypt the custom logic envs provided by the users, we need to configure --key option, use generate-key command to randomly create one if not existed

go run github.com/PaloAltoNetworks/git-security/cmd/git-security generate-key

For backend database, MongoDB is recommended. PostgreSQL and Sqlite are supported through FerretDB (https://github.com/FerretDB/FerretDB)

Columns configuration

Custom hooks configuration

License

MIT