I've been watching you for a while now...
Balboni is a modular scanner for git repositories, currently working with repositories hosted on Hugging Face.
Its basic architecture is an API Gateway endpoint that receives POST requests from a Hugging Face webhook; once a request arrives, we parse it to extract the repository URL.
From there we run a TruffleHog scan over the repository to extract secrets.
Rate limiting and queuing are handled by an Amazon SQS FIFO queue, so scans run first in, first out.
Infrastructure deployment is done via Terraform.
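The gateway-to-queue path described above, as an added example (this is not Balboni's own code). It assumes the Hugging Face webhook payload shape (`event.scope` / `event.action`, `repo.name`, `repo.url.web`, `updatedRefs[]` for content pushes and `discussion.num` / `discussion.isPullRequest` for PRs), that Hugging Face sends the secret configured in the webhook form verbatim in the `X-Webhook-Secret` header, and that PR heads live at `refs/pr/<num>`; the SQS client is replaced by a callable so the example runs offline. The secret check is the part worth copying: an API Gateway URL is reachable from the whole internet, so without it anyone can POST a payload and make the worker clone and scan an arbitrary repository.

```python
"""Added example, not Balboni's own code: webhook -> parse -> SQS FIFO -> TruffleHog.
Assumptions (not from the page): HF payload shape (event/repo/updatedRefs/discussion),
the X-Webhook-Secret header, and refs/pr/<num> for PR heads.
The SQS send is a callable so the module runs offline."""
import hashlib
import hmac
import json
from typing import Callable, List

SECRET = "s3cret"  # constructed; read from env / Secrets Manager in a real deployment


def verify_secret(headers: dict, expected: str) -> bool:
    """Constant-time check of the shared secret; header names are case-insensitive."""
    lowered = {k.lower(): v for k, v in headers.items()}
    presented = lowered.get("x-webhook-secret", "")
    return hmac.compare_digest(presented.encode(), expected.encode())


def parse_webhook(payload: dict) -> List[dict]:
    """Turn one webhook payload into zero or more scan jobs (repo, url, ref, since)."""
    event, repo = payload.get("event", {}), payload.get("repo", {})
    name, url = repo.get("name"), repo.get("url", {}).get("web")
    if not name or not url:
        return []
    scope, action = event.get("scope"), event.get("action")
    if scope == "repo.content" and action == "update":
        # One job per pushed ref; oldSha lets the worker scan only the new commits.
        refs = payload.get("updatedRefs") or [{"ref": "refs/heads/main"}]
        return [{"repo": name, "url": url, "ref": r["ref"], "since": r.get("oldSha")} for r in refs]
    if scope == "discussion" and action in ("create", "update"):
        disc = payload.get("discussion", {})
        if disc.get("isPullRequest"):
            return [{"repo": name, "url": url, "ref": f"refs/pr/{disc['num']}", "since": None}]
    return []  # comments, deletions, etc. carry no new content to scan


def sqs_message(job: dict) -> dict:
    """SendMessage arguments for the FIFO queue: one group per repo keeps scans of a
    repo ordered; the dedup id drops redelivered copies of the same webhook."""
    body = json.dumps(job, sort_keys=True)
    return {"MessageBody": body,
            "MessageGroupId": job["repo"],
            "MessageDeduplicationId": hashlib.sha256(body.encode()).hexdigest()}


def scan_commands(job: dict, workdir: str) -> List[List[str]]:
    """Worker side. Branch pushes are scanned straight from the URL; a default clone
    does not fetch refs/pr/*, so PR refs are fetched into a local branch first."""
    if job["ref"].startswith("refs/pr/"):
        local = "pr-" + job["ref"].rsplit("/", 1)[1]
        return [["git", "clone", "--quiet", job["url"], workdir],
                ["git", "-C", workdir, "fetch", "--quiet", "origin", f"{job['ref']}:{local}"],
                ["trufflehog", "git", f"file://{workdir}", "--branch", local, "--json"]]
    branch = job["ref"][len("refs/heads/"):] if job["ref"].startswith("refs/heads/") else job["ref"]
    cmd = ["trufflehog", "git", job["url"], "--branch", branch, "--json"]
    if job.get("since"):
        cmd += ["--since-commit", job["since"]]  # only commits after the previous tip
    return [cmd]


def handle(event: dict, secret: str, enqueue: Callable[[dict], None]) -> dict:
    """API Gateway (Lambda proxy) handler: authenticate, parse, enqueue, acknowledge."""
    if not verify_secret(event.get("headers") or {}, secret):
        return {"statusCode": 401, "body": "bad webhook secret"}
    try:
        payload = json.loads(event.get("body") or "")
    except json.JSONDecodeError:
        return {"statusCode": 400, "body": "invalid json"}
    jobs = parse_webhook(payload)
    for job in jobs:
        enqueue(sqs_message(job))  # real deployment: boto3 sqs.send_message(QueueUrl=..., **msg)
    return {"statusCode": 200, "body": json.dumps({"queued": len(jobs)})}


def gateway_event(payload: dict, secret: str) -> dict:
    """Constructed API Gateway proxy event carrying a webhook POST."""
    return {"headers": {"X-Webhook-Secret": secret}, "body": json.dumps(payload)}


# Constructed sample payloads (shape is an assumption, see module docstring).
REPO = {"type": "model", "name": "facebook/example-model",
        "url": {"web": "https://huggingface.co/facebook/example-model"}}
PUSH = {"event": {"action": "update", "scope": "repo.content"}, "repo": REPO,
        "updatedRefs": [{"ref": "refs/heads/main", "oldSha": "a" * 40, "newSha": "b" * 40}]}
PR = {"event": {"action": "create", "scope": "discussion"}, "repo": REPO,
      "discussion": {"num": 12, "isPullRequest": True, "title": "add weights"}}
COMMENT = {"event": {"action": "create", "scope": "discussion.comment"}, "repo": REPO,
           "discussion": {"num": 12, "isPullRequest": True}}

if __name__ == "__main__":
    queue = []
    for sample in (PUSH, PR, COMMENT):
        print(handle(gateway_event(sample, SECRET), SECRET, queue.append))
    print(handle(gateway_event(PUSH, "forged"), SECRET, queue.append))  # rejected, 401
    for msg in queue:
        for cmd in scan_commands(json.loads(msg["MessageBody"]), "/tmp/scan"):
            print(" ".join(cmd))
```

Using the repo name as the FIFO message group means two pushes to the same repository are scanned in order while different repositories still scan in parallel, and hashing the whole job into the deduplication id makes a retried webhook delivery a no-op for the five-minute SQS dedup window.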
- Visit https://huggingface.co/settings/webhooks
- Click
Add a new webhook - Under Target repositories choose the repo you would like to monitor e.g facebook/* (you can add multiple orgs)
- Add the API Gateway Webhook URL
- Select the triggers - you want both Repo Update and PR's
Planned improvements:
- filtering already-tested tokens to reduce noise
- scanning only the new commits instead of the full history to improve performance
- the ability to dynamically add orgs / repositories to the webhook (maybe by scraping or via the API)