Assuming the setup script was run, you can kick off the application by running 'go-earlybird' / 'go-earlybird.exe' / 'go-earlybird-linux' (mac / windows / linux). See the Usage section below.
If Go is installed, the project can be downloaded and run with 'go run go-earlybird.go'.
Using the -stream flag, users can stream or pipe file contents to 'go-earlybird'.
ᐅ go-earlybird -stream < /path/to/file
... or:
ᐅ cat /path/to/file | go-earlybird -stream
Run with the --http flag, 'go-earlybird' will accept a multi-part upload and scan the contents, returning JSON output.
The normal HTTP listener will operate on HTTP/1.1. Go-EarlyBird can be run as HTTPS/2 with the -https [ip:port] flag. Note that this also requires the -https-cert [/path/to/cert] and -https-key [/path/to/key] flags.
The simple webserver configuration file can be found in the local config directory (~/.go-earlybird/webserver.json or C:\Users\[me]\AppData\go-earlybird\webserver.json). A separate config file can be specified using the -http-config [/path/to/configfile] flag.
With the flag -git-staged or -git-tracked, Go-EarlyBird can limit its scan to only look at files that are staged or tracked (respectively) by Git.
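A Git pre-commit hook built on the -git-staged flag described above, as an added example that is not part of the EarlyBird project's own code or documentation. It assumes go-earlybird is on PATH, that -path can be combined with -git-staged, and that the scanner exits non-zero when a finding meets the -fail-severity / -fail-confidence thresholds; the EARLYBIRD, FAIL_SEVERITY and FAIL_CONFIDENCE variables and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-commit hook that scans only the files staged for commit.
# Assumptions: go-earlybird is on PATH and exits non-zero when a finding meets
# the -fail-severity / -fail-confidence thresholds. EARLYBIRD, FAIL_SEVERITY
# and FAIL_CONFIDENCE are hypothetical override variables.
EARLYBIRD="${EARLYBIRD:-go-earlybird}"
FAIL_SEVERITY="${FAIL_SEVERITY:-high}"
FAIL_CONFIDENCE="${FAIL_CONFIDENCE:-high}"

# scan_staged ROOT: returns 2 if the hook could not run the scan,
# otherwise the scanner's own exit status (0 = nothing at or above threshold).
scan_staged() {
    case "$1" in
        /*) ;;  # -path accepts absolute paths only
        *)  echo "earlybird hook: not an absolute path: $1" >&2; return 2 ;;
    esac
    # Fail closed: a missing scanner must not let the commit through.
    if ! command -v "$EARLYBIRD" >/dev/null 2>&1; then
        echo "earlybird hook: $EARLYBIRD not found" >&2
        return 2
    fi
    "$EARLYBIRD" -path "$1" -git-staged \
        -fail-severity "$FAIL_SEVERITY" -fail-confidence "$FAIL_CONFIDENCE"
}

hook_main() {
    # git prints the repository root as an absolute path.
    root=$(git rev-parse --show-toplevel) || return 2
    scan_staged "$root" && return 0
    echo "earlybird hook: commit blocked, review the output above" >&2
    return 1
}

# Run only when installed as .git/hooks/pre-commit, so the file can be sourced.
case "${0##*/}" in
    pre-commit) hook_main; exit $? ;;
esac
```

Save it as .git/hooks/pre-commit and make it executable; Git aborts the commit whenever the hook exits non-zero.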
The executable can be called from the command line with the following syntax:
~/go/src/gearlybird (master ✘)✭ ᐅ go-earlybird --help
Usage of go-earlybird:
-config string
Directory where configuration files are stored (default "/Users/janedoe/.go-earlybird/")
-display-confidence string
Lowest confidence level to display [ critical | high | medium | low ] (default "high")
-display-severity string
Lowest severity level to display [ critical | high | medium | low ] (default "medium")
-enable value
Enable individual scanning modules [ ccnumber | content | filename | password-secret ]
-fail-confidence string
Lowest confidence level at which to fail [ critical | high | medium | low ] (default "high")
-fail-severity string
Lowest severity level at which to fail [ critical | high | medium | low ] (default "high")
-file string
Output file -- e.g., 'go-earlybird --file=/home/jdoe/myfile.csv'
-format string
Output format [ console | json | csv ] (default "console")
-git string
Full URL to a git repo to scan e.g.
Use stream IO of Git commit log as input instead of file(s) -- e.g., 'cat secrets.text > go-earlybird'
-git-project string
Full URL to a github organization or bitbucket project to scan e.g.
Scan only git staged files
Scan only git tracked files
-git-user string
If the git repository is private, enter an authorized username
-http string
Listen IP and Port for HTTP API e.g.
-http-config string
Path to webserver config JSON file
-https string
Listen IP and Port for HTTPS/2 API e.g. (Don't forget the https-cert and https-key flags)
-https-cert string
Certificate file for TLS
-https-key string
Private key file for TLS
Ignore the false positive post-process rules
-ignorefile string
Patterns File (including wildcards) for files to ignore. (e.g. *.jpg) (default "/Users/jhans12/.ge_ignore")
-max-file-size int
Maximum file size to scan (in bytes) (default 10240000)
-path string
Directory to scan (defaults to CWD) -- ABSOLUTE PATH ONLY (default "/Users/jhans12/go/src/gearlybird")
Display the full line where the pattern match was found (warning: this can be dangerous with minified script files)
Display rules that would be run, but do not execute a scan
Skip scanning comments in files -- applies only to the 'content' module
Use stream IO as input instead of file(s)
Suppress reporting of the secret found (important if output is going to Slack or other logs)
Update module configurations
Reports details about file reads
-workers int
Set number of workers. (default 100)
-worksize int
Set Line Wrap Length. (default 2500)
-module-config-file string
Absolute path to a json or yaml file for per module level config -- {"modules": { "aModule": { "display_severity": "medium" } } }
go-earlybird -path /dir/to/scan -enable password-secret -enable content -enable inclusivity-rules