I recently built a project for a hackathon and figured I'd share it here for those interested in managing their GitHub.com repository security.
It's a web app where a user creates an account and adds a GitHub.com token with admin rights on their org, then runs the org against a set of security best practices.
A single report is generated for each repo in the org.
Note: it does not currently support self-hosted GitHub Enterprise Server installations.
It is meant for analyzing an organization's repos at scale, showing which ones could use hardening with the security features GitHub.com already offers.
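As an illustration of what "running a repo against best practices" looks like, here is a small Go checker. It is an added example, not GittyUp's own code. The struct fields follow the GitHub REST API responses for the repository (`GET /repos/{owner}/{repo}`) and branch-protection (`GET /repos/{owner}/{repo}/branches/{branch}/protection`) endpoints, but the two JSON documents below are constructed samples, not captured from a real org, and the particular set of checks is my own selection. A real tool would fetch these responses with the admin token and treat a 404 from the protection endpoint as "branch not protected".

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// repoInfo holds the subset of the GET /repos/{owner}/{repo} response the checks use.
type repoInfo struct {
	Name                string `json:"name"`
	Private             bool   `json:"private"`
	DefaultBranch       string `json:"default_branch"`
	SecurityAndAnalysis struct {
		SecretScanning               struct{ Status string `json:"status"` } `json:"secret_scanning"`
		SecretScanningPushProtection struct{ Status string `json:"status"` } `json:"secret_scanning_push_protection"`
	} `json:"security_and_analysis"`
}

// branchProtection holds the subset of the branch-protection response the checks use.
// The API answers 404 for an unprotected branch; callers pass nil in that case.
type branchProtection struct {
	RequiredPullRequestReviews *struct {
		RequiredApprovingReviewCount int `json:"required_approving_review_count"`
	} `json:"required_pull_request_reviews"`
	EnforceAdmins      struct{ Enabled bool `json:"enabled"` } `json:"enforce_admins"`
	RequiredSignatures struct{ Enabled bool `json:"enabled"` } `json:"required_signatures"`
	AllowForcePushes   struct{ Enabled bool `json:"enabled"` } `json:"allow_force_pushes"`
}

// Finding is one line of the per-repo report.
type Finding struct {
	Check string
	Pass  bool
	Note  string // shown only when the check fails
}

// Audit evaluates one repository against a hand-picked set of GitHub.com hardening checks.
func Audit(repo repoInfo, prot *branchProtection) []Finding {
	var out []Finding
	add := func(check string, pass bool, note string) {
		out = append(out, Finding{Check: check, Pass: pass, Note: note})
	}
	add("default branch protected", prot != nil, "no protection rule on "+repo.DefaultBranch)
	if prot != nil {
		reviews := 0
		if prot.RequiredPullRequestReviews != nil {
			reviews = prot.RequiredPullRequestReviews.RequiredApprovingReviewCount
		}
		add("at least one approving review required", reviews >= 1, fmt.Sprintf("required_approving_review_count=%d", reviews))
		add("protection enforced for admins", prot.EnforceAdmins.Enabled, "admins can bypass the rule")
		add("signed commits required", prot.RequiredSignatures.Enabled, "unsigned commits accepted")
		add("force pushes blocked", !prot.AllowForcePushes.Enabled, "history can be rewritten")
	}
	sa := repo.SecurityAndAnalysis
	add("secret scanning enabled", sa.SecretScanning.Status == "enabled", "status="+sa.SecretScanning.Status)
	add("secret scanning push protection enabled", sa.SecretScanningPushProtection.Status == "enabled", "status="+sa.SecretScanningPushProtection.Status)
	return out
}

// AuditJSON decodes the two API responses and runs Audit. An empty protJSON stands
// for the 404 the protection endpoint returns when the branch has no rule.
func AuditJSON(repoJSON, protJSON string) ([]Finding, error) {
	var repo repoInfo
	if err := json.Unmarshal([]byte(repoJSON), &repo); err != nil {
		return nil, fmt.Errorf("repo: %w", err)
	}
	var prot *branchProtection
	if protJSON != "" {
		prot = &branchProtection{}
		if err := json.Unmarshal([]byte(protJSON), prot); err != nil {
			return nil, fmt.Errorf("protection: %w", err)
		}
	}
	return Audit(repo, prot), nil
}

// FailCount returns how many checks the repo failed.
func FailCount(fs []Finding) int {
	n := 0
	for _, f := range fs {
		if !f.Pass {
			n++
		}
	}
	return n
}

// Report renders the findings as a plain-text block, one check per line.
func Report(name string, fs []Finding) string {
	var b strings.Builder
	fmt.Fprintf(&b, "== %s: %d of %d checks failed\n", name, FailCount(fs), len(fs))
	for _, f := range fs {
		if f.Pass {
			fmt.Fprintf(&b, "  [PASS] %s\n", f.Check)
		} else {
			fmt.Fprintf(&b, "  [FAIL] %s (%s)\n", f.Check, f.Note)
		}
	}
	return b.String()
}

// Constructed sample responses in the API's shape (not captured from a real org).
const sampleRepoJSON = `{"name":"payments-api","private":true,"default_branch":"main",
 "security_and_analysis":{"secret_scanning":{"status":"disabled"}}}`
const sampleProtectionJSON = `{"required_pull_request_reviews":{"required_approving_review_count":1},
 "enforce_admins":{"enabled":false},"required_signatures":{"enabled":false},"allow_force_pushes":{"enabled":true}}`

func main() {
	fs, err := AuditJSON(sampleRepoJSON, sampleProtectionJSON)
	if err != nil {
		panic(err)
	}
	fmt.Print(Report("payments-api", fs))
}
```

Keeping the check logic separate from the HTTP fetching is what makes this testable without a token: the same `Audit` function runs on fixtures in CI and on live responses in the app. Note that the push-protection check fails when the field is simply absent, which is the right default for an audit tool (treat "unknown" as "not enabled").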
Link to Source Code
(What made you decide to build this particular app? What inspired you?)
I recently obtained my CISSP, and continuing professional education (CPE) credits are required as part of retaining it.
So I watched an (ISC)² presentation on the troubles of securing GitHub repos, which counts as one CPE credit.
I was shocked at how many Fortune 500 companies were breached due to misconfigured GitHub repos.
So I thought it would make a fun Friday night project: a simple web app, runnable in the cloud or locally, that checks an org's GitHub security posture.
GittyUp is written in Go, which makes it easy to ship a single binary across operating systems.
Later, I plan to create a CLI version and a Docker containerized version to make it even easier to use on one’s local computer.
I hope it can help prevent the data breaches caused by poorly configured GitHub repositories.
How I built it
(How did you utilize Linode? Did you learn something new along the way? Pick up a new skill?)
I learned how to run a web app on a Linode server, which was tricky because it meant installing the app as a service on the server. Using Docker could make this more accessible, since Linode offers a Docker-based server image, but I kept it simple given that it was a brief hackathon.
I also learned how to map a namecheap.com domain to the Linode server IP, which was easy to do in the Linode Console. It was just a click of a button and editing a few records within the NameCheap control panel.
I also learned how to use Linode Database Clusters, which were likewise easy to set up in the console and, once set up, presented all the connection credentials in an easy-to-view manner. However, I opted to install the database locally on the Linode server to reduce costs, since I didn't want to exceed the credit or pay for a separate virtual DB/CPU.