Merged
20 changes: 20 additions & 0 deletions SECURITY.md
@@ -0,0 +1,20 @@
# Security Policy

## Reporting a vulnerability in Revenant

If you find a security issue in Revenant itself, please report it privately rather than opening
a public issue. Open a draft advisory at
https://github.com/smakarim/revenant/security/advisories/new and include steps to reproduce and
the affected commit or version. You will get a response as soon as possible.

## Using Revenant responsibly

Revenant is for authorized security testing and for assets you own or are permitted to test.
When it surfaces secrets in third-party repositories, follow responsible disclosure: report the
exposure privately to the affected owner so they can rotate the credential, and do not access or
use any secret you find.

## Supported versions

Revenant is pre-1.0. Fixes land on the latest `main`. Please test against `main` before
reporting.
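Review bot: the "Using Revenant responsibly" section tells users not to access or use any secret they find, but the help text added in this same PR says findings are "verified with TruffleHog", and verification means the candidate credential is presented to the issuing service to see whether it is live. For third-party repositories those two statements pull in opposite directions; the policy should either state that the tool's automated verification is the one accepted form of use, or advise running without verification against assets you do not own, so a reader knows which behaviour is expected. A smaller point in "Reporting a vulnerability in Revenant": "as soon as possible" sets no expectation for a reporter; naming an acknowledgement window and a disclosure deadline (for example 90 days from report) makes the policy usable by both sides.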
7 changes: 7 additions & 0 deletions cmd/revenant/main.go
Expand Up @@ -58,6 +58,13 @@ func main() {
root := &cobra.Command{
Use: "revenant",
Short: "Recover deleted/force-pushed GitHub commits and find live secrets",
Long: `Revenant recovers deleted and force-pushed GitHub commits and scans them for live
secrets. In one run it also scans reachable history, public gists, and, with --dork,
all of GitHub via code search. Findings are verified with TruffleHog, attributed to the
author who committed them, and ranked by blast radius.

Requires TruffleHog on your PATH. A token (--tokens) is recommended for the activity log
and required for --dork. See https://github.com/smakarim/revenant for details.`,
RunE: func(cmd *cobra.Command, args []string) error {
fmt.Fprint(os.Stderr, banner)
spec, err := buildSpec(org, user, repos, reposFile)
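Review bot: the new Long text states that TruffleHog must be on PATH and that a token is required for --dork, but RunE goes straight from printing the banner into buildSpec without checking either precondition; unless that validation happens further down, add an early `exec.LookPath("trufflehog")` (import "os/exec") and a check that --dork is not set without --tokens, returning a clear error before any cloning or API calls start, so a user does not discover the missing dependency only after a partial run.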
5 changes: 3 additions & 2 deletions go.mod
@@ -1,9 +1,10 @@
module github.com/smakarim/revenant

go 1.26.4
go 1.22

require github.com/spf13/cobra v1.10.2

require (
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/spf13/cobra v1.10.2 // indirect
github.com/spf13/pflag v1.0.9 // indirect
)
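Review bot: lowering the go directive from 1.26.4 to 1.22 makes 1.22 the minimum toolchain the module claims to build with, so confirm the code actually compiles under it rather than only under the toolchain the author has installed (range-over-func from 1.23 or newer standard library APIs would break the build); `GOTOOLCHAIN=go1.22.0 go build ./...` is a quick check. Moving cobra from the indirect block to a direct require is correct since cmd/revenant/main.go imports it; running `go mod tidy` under the 1.22 toolchain and committing the result together with go.sum would confirm the pflag and mousetrap versions listed here are consistent with the new directive.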