eskimo

command module
v0.4.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 17, 2025 License: Apache-2.0 Imports: 2 Imported by: 0

README

Eskimo

Cybrota Eskimo Logo (light)

Centralized security scanning for your entire GitHub organization. Eskimo automatically discovers all repositories, runs your configured security scanners, and delivers a complete baseline of your security posture—no repo left behind.

Why Use Eskimo?

  • Centralized Scanning Automatically fetches every repository in your organization, so you never miss a repo or branch.

  • Configurable Scanners Define any scanner with its commands and environment variables in a simple YAML file.

  • Baseline & Audit Run daily or weekly to capture a baseline, then compare over time or spot new issues immediately.

  • Lightweight & Portable A single Go binary with zero external dependencies—runs anywhere Docker runs or as a native executable.

Key Features

  • Auto-clone & Pull Clones each repo under /tmp/github-repos; if already present, pulls the latest changes.

  • Flexible Configuration Define multiple scanners in scanners.yaml, toggle them on or off, set pre-commands, and pass custom env vars.

  • Device-Flow Authentication Securely authenticate via GitHub’s device flow—no browser embeds in CI required.

Supported Platforms

Binary

  • Linux
  • macOS

Cloud

  • AWS

Installation

Option 1: Script Install

curl -sfL https://raw.githubusercontent.com/cybrota/eskimo/refs/heads/main/install.sh | sh

This will download the latest Eskimo binary and make it available on your $PATH.

Option 2: Download Prebuilt Binary

  1. Go to the Releases page

  2. Download the archive for your OS and architecture

  3. Unpack and move eskimo into a directory on your $PATH

Usage Examples

  1. Run Scanners Against an Organization
# Uses scanners.yaml in current directory
eskimo --org my-org

Or explicitly specify your config file:

eskimo --org my-org --config /path/to/scanners.yaml
  1. Authenticate via Device Flow
eskimo auth --org my-org

Follows GitHub's device-flow: you'll get a code to paste at github.com/device.

The Risk of Unscanned Repositories

Without a centralized scanner, it’s easy to overlook new or forked repos—exposing your organization to unpatched vulnerabilities, drifted dependencies, or misconfigured workflows. Eskimo ensures every repo is covered by automating manual process of scanning code everytime there is a new scanner or a repo.

TODO

  • Webhook integration for real-time alerts to MS Teams or Slack

  • Send to SIEM systems

Further Reading

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Directories

Path Synopsis
internal
auth
config
github
orchestrator
scanner

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.