CircleCI log and security configuration automations.
circleci-logs.py - Downloads build logs from circleci for a particular project and repo.
circleci-repos.py - Checks a Github org for repos, or members of the org with personal repos, which have projects on CircleCI.
circleci-vulnerable-config.py - Checks a CircleCI project for signs of vulnerable configuration with regard to fork behaviour and secrets. More info on this can be found here: https://nathandavison.com/blog/shaking-secrets-out-of-circleci-builds
You will need:
pip install requests
pip install pendulum
The circleci-logs.py script writes the log output to
1. Use circleci-repos.py to collect a target's CircleCI repos.
2. Use the output from #1 to collect the logs using circleci-logs.py.
3. Use the output from #1 to check for signs of vulnerable fork PR configuration using circleci-vulnerable-config.py.
4. ???? (search logs for keys/tokens, manually confirm vulnerable projects from #3).
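The setting combination that circleci-vulnerable-config.py looks for (step 3), as an added example that is not part of this repository: the check below rates each project's fork-PR settings over constructed sample data, so a project owner can audit their own projects for the risky case. The feature_flags key names are an assumption about the shape of the CircleCI v1.1 project settings response; the README does not document them.

```python
# Constructed sample of CircleCI project settings for three projects (not real
# data). The 'feature_flags' keys are an assumption about the shape of the v1.1
# project settings API response; the README does not document them.
SAMPLE_PROJECTS = {
    "example-org/app-a": {"feature_flags": {"build-fork-prs": True,
                                            "forks-receive-secret-env-vars": True}},
    "example-org/app-b": {"feature_flags": {"build-fork-prs": True,
                                            "forks-receive-secret-env-vars": False}},
    "example-org/app-c": {"feature_flags": {"build-fork-prs": False,
                                            "forks-receive-secret-env-vars": False}},
}


def fork_risk(settings: dict) -> str:
    """Rate one project's fork-PR settings by the exposure they create for secrets.

    high   - fork PRs are built and secrets are passed to those builds, so anyone
             able to open a PR can run code that sees the project's secrets.
    medium - fork PRs are built but secrets are withheld; the build still runs
             untrusted code, so review what else the config exposes.
    low    - fork PRs are not built at all.
    """
    flags = settings.get("feature_flags", {})
    build_forks = bool(flags.get("build-fork-prs", False))
    secrets_to_forks = bool(flags.get("forks-receive-secret-env-vars", False))
    if build_forks and secrets_to_forks:
        return "high"
    if build_forks:
        return "medium"
    return "low"


def audit_projects(projects: dict) -> list:
    """Return (project, risk) for every project that builds fork PRs, worst first."""
    order = {"high": 0, "medium": 1}
    findings = [(name, fork_risk(cfg)) for name, cfg in projects.items()]
    findings = [f for f in findings if f[1] in order]
    return sorted(findings, key=lambda f: order[f[1]])


if __name__ == "__main__":
    for name, risk in audit_projects(SAMPLE_PROJECTS):
        print(f"{risk.upper():6} {name}")
```

Projects rated "high" should have "Pass secrets to builds from forked pull requests" turned off, or fork builds disabled, before any secret held by the project is considered safe.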