deriqsocial/gh-audit

GitHub: deriqsocial/gh-audit

gh-audit is a CLI tool for quickly auditing GitHub repositories for signs of unauthorized access, built for security incident response.

Stars: 1 | Forks: 0

# gh-audit

A fast CLI tool to audit GitHub repos for signs of unauthorized access, built in response to the [May 2026 GitHub security incident](https://x.com/github/status/...).

## What it checks

| Check | What it looks for |
|--------------|------------------------------------------------|
| **Collaborators** | Unexpected users with access to the repo |
| **Invitations** | Pending invitations you did not send |
| **Deploy keys** | Especially recently added keys |
| **Webhooks** | Unknown webhook URLs, recently added hooks |
| **Workflow changes** | Commits touching `.github/workflows/` |
| **Suspicious commits** | Commits from unassociated accounts, force pushes |
| **Branch protection** | Missing or weak protection on the default branch |
| **Secret scanning** | Open alerts (if GitHub Advanced Security is enabled) |
| **Leaked secrets** | Scans recent commits for API keys, tokens, passwords, private keys |

## Install

```
curl -fsSL https://raw.githubusercontent.com/deriqsocial/gh-audit/main/gh-audit -o gh-audit && chmod +x gh-audit && sudo mv gh-audit /usr/local/bin/
```

## Requirements

- [GitHub CLI](https://cli.github.com) (`gh`) installed and authenticated
- `jq` for JSON parsing

## Usage

```
gh-audit                                      # Audit current repo (auto-detects from git remote)
gh-audit myorg/myrepo                         # Audit one repo by owner/name
gh-audit --all                                # Audit all your repos
gh-audit --org my-company                     # Audit every repo in an org
gh-audit --all --days 30                      # Limit the look-back window to 30 days
gh-audit owner/repo1 owner/repo2 owner/repo3  # Audit several repos in one run
```

## Exit codes

| Code | Meaning |
|------|----------------------------|
| 0 | All clear |
| 1 | Warnings found (review recommended) |
| 2 | Alerts found (action required) |

## If something is found

1. **Rotate tokens immediately**: run `gh auth refresh` and visit https://github.com/settings/tokens
2. **Review and revoke** any unrecognized deploy keys, webhooks or collaborators
3. **Check the audit log**: https://github.com/settings/security-log
4. **Enable 2FA** (if not already enabled): https://github.com/settings/security

## License

MIT
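The deploy-key and webhook checks from the table above, mapped onto the tool's 0/1/2 exit codes, as an added Python example that is not gh-audit's own code. It consumes the JSON that `gh api repos/OWNER/REPO/keys` and `gh api repos/OWNER/REPO/hooks` return; the 30-day look-back, the `ci.example.com` allow-list and the sample records are constructed assumptions for the example.

```python
"""Triage deploy keys and webhooks into gh-audit's exit-code levels (0 clean,
1 warning, 2 alert) from `gh api repos/OWNER/REPO/keys` and `.../hooks` JSON."""
import sys
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

# Assumptions for this example (not gh-audit's own values): a 30-day look-back
# and a constructed allow-list of webhook hosts you recognise.
LOOKBACK_DAYS = 30
KNOWN_HOOK_HOSTS = {"ci.example.com"}


def parse_ts(ts):
    """GitHub timestamps look like 2026-05-12T09:30:00Z."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def triage(keys, hooks, now, lookback_days=LOOKBACK_DAYS, known_hosts=KNOWN_HOOK_HOSTS):
    """Return (exit_code, findings); findings is a list of (level, message)."""
    cutoff = now - timedelta(days=lookback_days)
    findings = []
    for k in keys:
        if parse_ts(k["created_at"]) < cutoff:
            continue  # keys older than the window are out of scope for the sweep
        level = "WARN" if k.get("read_only") else "ALERT"  # a writable key can push code
        findings.append((level, f"deploy key '{k['title']}' added after {cutoff.date()}"))
    for h in hooks:
        host = urlparse(h["config"]["url"]).hostname
        if host not in known_hosts:
            findings.append(("ALERT", f"webhook {h['id']} delivers to unknown host {host}"))
        elif parse_ts(h["created_at"]) >= cutoff:
            findings.append(("WARN", f"webhook {h['id']} to {host} added after {cutoff.date()}"))
    code = 2 if any(lvl == "ALERT" for lvl, _ in findings) else (1 if findings else 0)
    return code, findings


# Constructed sample responses, shaped like the two endpoints' output.
SAMPLE_KEYS = [
    {"id": 1, "title": "build-box", "created_at": "2025-11-01T08:00:00Z", "read_only": True},
    {"id": 2, "title": "backup", "created_at": "2026-05-12T09:30:00Z", "read_only": False}]
SAMPLE_HOOKS = [
    {"id": 10, "config": {"url": "https://ci.example.com/hook"}, "created_at": "2026-05-15T10:00:00Z"},
    {"id": 11, "config": {"url": "https://203.0.113.7/x"}, "created_at": "2026-05-16T11:00:00Z"}]
SAMPLE_NOW = datetime(2026, 5, 20, tzinfo=timezone.utc)

if __name__ == "__main__":
    code, findings = triage(SAMPLE_KEYS, SAMPLE_HOOKS, SAMPLE_NOW)
    for level, msg in findings:
        print(f"[{level}] {msg}")
    sys.exit(code)  # 0 / 1 / 2, matching the exit-code table
```

To run it against a real repo, save the two `gh api` responses to files and pass the parsed lists to `triage` with `datetime.now(timezone.utc)`.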
Tags: Application Security