Processing of Access Token During Private Repo Scan #166

Closed
rajrachani36 opened this issue Apr 9, 2025 · 2 comments
Labels: help wanted, question

rajrachani36 commented Apr 9, 2025

I'm currently scanning a private Git repository using a CBOM tool, and I've provided a generated personal access token (PAT) to authenticate with the repository. I would like to confirm whether this access token is being processed and validated locally on my machine (i.e., within the scanning tool itself) or if it is being sent over the network to an external server or cloud service for authentication or further processing. Could you clarify the flow of this token and whether there are any potential data exposure risks during this scanning process?

@n1ckl0sk0rtge n1ckl0sk0rtge added help wanted Extra attention is needed question Further information is requested labels May 8, 2025
san-zrl (Contributor) commented May 12, 2025

Hi @rajrachani36,
Sorry for the late response and thank you for trying out CBOMkit. You enter credentials via the Authentication tab in Advanced options in the frontend. We pass on these credentials to JGit as they are. We do not log them nor do we store them anywhere.

@n1ckl0sk0rtge n1ckl0sk0rtge moved this from Todo to In Progress in CBOMkit Development May 15, 2025
@github-project-automation github-project-automation bot moved this from In Progress to Done in CBOMkit Development May 27, 2025
n1ckl0sk0rtge (Contributor) commented

See #197
