Here is the link: https://github.com/arnica-ext/GitGoat
GitGoat is an open-source tool that was built to enable DevOps and Engineering teams to design and implement an effective misconfiguration prevention strategy on GitHub. GitGoat can be used to test products with access to GitHub repositories without risk to your production environment.
If you develop a product/script that calls any of the GitHub APIs, or you want to test a new GitHub application without exposing real data, GitGoat can be used to generate dummy activity (e.g., invite users, commit code, review PRs, and much more) quickly and repeatably.
Have you ever wanted to test a GitHub application without exposing your production data first? So did we, which is why we started GitGoat – an open-source utility for security, DevOps, and development teams. GitGoat is a collection of fake data that should raise all sorts of flags in any product looking at access, privileges, or configuration gaps within GitHub – like Arnica, for example.
GitGoat runs with a GitHub Personal Access Token via the Python or Docker CLI to generate the following data:
Any of these configurations can be modified to fit various needs. In fact, the GitGoat community has already found several creative ways to leverage GitGoat data:
As the GitGoat community grows, we are eager to see what additional data can be used to test the effectiveness of GitHub security tooling.
We developed GitGoat for our own needs, as Arnica builds a product that identifies risks in the software supply chain. We decided to share our work after seeing how much value automating the generation of test data brought to everyone in development.
Given the ever-evolving nature of software supply chain attacks, we would love your help adding scenarios to GitGoat and improving what is already there. You can help by opening issues, creating pull requests, or simply starring the project on GitHub to follow our progress.