Gitxray v1.0.15

We’re excited to announce the release of Gitxray v1.0.15, packed with powerful new security checks and features designed to enhance your OSINT, Forensics, Pentesting, or other activities.

What’s New in v1.0.15

Enhanced Repository Name Search and Reputation Warning

Similar repository names can lead to confusion or potential security risks. With v1.0.15, Gitxray now includes:

  • Similar Repository Name Search: Automatically searches for repositories with names similar to yours on GitHub.
  • Reputation Warnings: Alerts you if a repository with the same name but a better reputation exists.

Commit Time Analysis

Understanding contributor activity patterns can offer valuable insights into your project’s development dynamics. This version aggregates commit times per contributor and determines the percentage of commits made at each hour of the day.

Identify patterns per contributor and uncover potential anomalies. Timestamps returned by the GitHub API are always in UTC, so you’ll likely need to determine a contributor’s timezone to gain more insight.

Security checks on Workflows

To provide a more organized and comprehensive analysis of GitHub workflows, we’ve:

  • Created a dedicated Workflows X-Ray Module: Centralizes all workflow-related logic, previously scattered under the Repository X-Ray.
  • Missing Workflow Runs: Monitors and reports when workflow runs are deleted, distinguishing between possible malicious activities and legitimate cleanups. This is possible by comparing total runs vs. sequential ids. Tracking workflow deletions can help detect unauthorized attempts to erase audit trails, enhancing your repository’s security posture.
  • Basic Workflow Security Checks: Identifies potential vulnerabilities within your workflows. For example, gitxray identifies and lists any secret names used within your workflows, and informs you if user-input is referenced. We’ve also added links to proper GitHub workflow scanners for subsequent scanning.
  • Execution by Non-Contributors vs. Contributors: Tracks and displays how many times each workflow is executed by internal team members versus external users. This may be helpful to identify attacks taking place or those which have taken place before.
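
The total-versus-sequential comparison described under Missing Workflow Runs, as an added example that is not Gitxray's own code. It assumes run records shaped like the `workflow_runs` entries of the GitHub Actions REST API, where `run_number` starts at 1 and increments per workflow; the sample data is constructed.

```python
from collections import defaultdict

# Constructed sample, shaped like entries of the "workflow_runs" array in the
# GitHub Actions REST API (only the fields this check needs).
SAMPLE_RUNS = [
    {"workflow_id": 101, "run_number": 1},
    {"workflow_id": 101, "run_number": 2},
    {"workflow_id": 101, "run_number": 3},
    {"workflow_id": 101, "run_number": 7},
    {"workflow_id": 101, "run_number": 8},
    {"workflow_id": 202, "run_number": 1},
    {"workflow_id": 202, "run_number": 2},
    {"workflow_id": 202, "run_number": 3},
]

def gaps(numbers):
    """Collapse the integers missing from 1..max(numbers) into (start, end) ranges."""
    seen = set(numbers)
    ranges, start = [], None
    for n in range(1, max(seen) + 1):
        if n not in seen:
            if start is None:
                start = n          # a gap opens here
        elif start is not None:
            ranges.append((start, n - 1))  # gap closed by a surviving run
            start = None
    return ranges

def missing_runs(runs):
    """Per workflow: highest run_number seen, runs still listed, and the gaps."""
    by_workflow = defaultdict(set)
    for run in runs:
        by_workflow[run["workflow_id"]].add(run["run_number"])
    report = {}
    for workflow_id, numbers in by_workflow.items():
        report[workflow_id] = {
            "highest_run_number": max(numbers),
            "listed": len(numbers),
            # Sequential numbering means the highest number should equal the count.
            "missing_count": max(numbers) - len(numbers),
            "missing_ranges": gaps(numbers),
        }
    return report

if __name__ == "__main__":
    for workflow_id, info in missing_runs(SAMPLE_RUNS).items():
        print(workflow_id, info)
```

The comparison is only meaningful when every page of runs has been fetched, and it cannot see deletions of runs numbered above the highest one still listed.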

User Experience Enhancements

  • Progress Display: Shows a progress percentage for time-consuming queries along with an estimated time remaining before execution resumes.
  • Graceful Query Skipping: Allows users to skip heavy queries live by handling CTRL+C interruptions effectively. This update removes previous caps or limits, granting users more control over their interactions.
  • Lifted caps for heavy queries: Because of the aforementioned changes, we’ve removed caps/limits on heavy queries. You may now skip anything that is taking too long with ease.

Upgrade to Gitxray v1.0.15 effortlessly via PyPI

pip3 install --upgrade gitxray        

Or clone the latest version from our GitHub repository and run it locally:

git clone https://github.com/kulkansecurity/gitxray
cd gitxray/src
python3 -m gitxray.gitxray        

Gitxray v1.0.15 is a powerful tool for Forensics, OSINT, Pentesting, and more. Run a full X-Ray on your repositories today to discover what information is accessible and enhance your security posture.

Learn More: Check out the ChangeLog and our latest Blog post here.

#Gitxray #NewRelease #Security #DevOps #OpenSource #SoftwareDevelopment #TechUpdate #CyberSecurity #GitHub #WorkflowSecurity
