Question 1

How does GSIL compare to TruffleHog for finding secrets on GitHub?

Accepted Answer

GSIL focuses on customizable rules for organizational-specific data like internal domains, while TruffleHog uses entropy-based detection for generic secrets. GSIL offers more tailored scanning but requires manual rule setup, whereas TruffleHog is better for out-of-the-box secret detection.

Question 2

How to set up GSIL to monitor for internal API keys?

Accepted Answer

Define rules in rules.gsil.yaml with keywords matching your API key patterns and specify relevant file extensions. Configure email alerts in config.gsil.cfg to receive notifications when matches are found during scheduled scans.

Question 3

Can GSIL scan private GitHub repositories?

Accepted Answer

GSIL primarily scans public repositories using GitHub's search API. For private repos, you'd need appropriate tokens with access, but the README doesn't explicitly support this, and it might require modifications or additional permissions.

Question 4

What file types does GSIL support by default?

Accepted Answer

By default, GSIL scans all file suffixes unless specified in the rules. You can customize extensions in the YAML configuration, such as php, java, python, etc., to focus on specific codebases as shown in the examples.

Question 5

How to reduce false positives in GSIL alerts?

Accepted Answer

Use precise keywords with double quotes for exact matches, adjust matching modes like 'only-match', and regularly review and refine rules based on scan results to minimize irrelevant notifications.

Question 6

Does GSIL integrate with CI/CD pipelines?

Accepted Answer

GSIL is designed for scheduled scans via cron jobs, not direct CI/CD integration. However, you could run it as part of a pipeline script, but real-time triggering might require custom scripting and isn't built-in.

GSIL

What is GSIL?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions