🏠 Homepage 📖 Documentation

n0s1 - Secret Scanner

n0s1 (pronunciation) is a secret scanner for Slack, Jira, Confluence, Asana, Wrike, Linear, Zendesk, GitHub and GitLab. It scans all channels/tickets/items/issues within the target platform in search of any leaked secrets in the titles, bodies, messages and comments. It is open-source and it can be easily extended to support scanning many others ticketing and messaging platforms.

See USER_MANUAL.md to learn how to run a scan.

Secrets are defined by an adaptable configuration file: regex.yaml or regex.toml. The scanner loads the configuration and searches for sensitive information, which includes:

• Github Personal Access Tokens
• GitLab Personal Access Tokens
• AWS Access Tokens
• PKCS8 private keys
• RSA private keys
• SSH private keys
• npm access tokens

Currently supported target platforms:

• Local filesystem
• Slack
• Jira
• Confluence
• Asana
• Wrike
• Linear
• Zendesk
• GitHub
• GitLab

Install

python3 -m ensurepip --upgrade
python3 -m pip install --upgrade n0s1
n0s1 --help

Quick Start

CLI:

python3 -m pip install n0s1
n0s1 jira_scan --server "https://<YOUR_JIRA_SERVER>.atlassian.net" --api-key "<YOUR_JIRA_API_TOKEN>"

Docker:

docker run spark1security/n0s1 jira_scan --server "https://<YOUR_JIRA_SERVER>.atlassian.net" --api-key "<YOUR_JIRA_API_TOKEN>"

From source:

git clone https://github.com/spark1security/n0s1.git
cd n0s1/src/n0s1
python3 -m venv n0s1_python
source n0s1_python/bin/activate
python3 -m pip install -r ../../requirements.txt
python3 n0s1.py jira_scan --server "https://<YOUR_JIRA_SERVER>.atlassian.net" --api-key "<YOUR_JIRA_API_TOKEN>"
deactivate

Python SDK - See SDK_GUIDE.md:

python3 -m pip install n0s1

try:
    import scanner
except:
    import n0s1.scanner as scanner

# Create scanner instance
scanner_instance = scanner.SecretScanner(
    target="jira_scan",
    server="https://yourcompany.atlassian.net",
    email="[email protected]",
    api_key="your-jira-api-token",
    debug=True
)

# Run the scan
result = scanner_instance.scan()

# Process results
print(f"Scan complete. Found {len(result.get('findings', {}))} potential secrets")

GitHub Actions:

jobs:
  jira_secret_scanning:
    steps:
      - uses: spark1security/n0s1-action@main
        env:
          JIRA_TOKEN: ${{ secrets.JIRA_API_TOKEN }}
        with:
          scan-target: 'jira_scan'
          user-email: 'service_account@<YOUR_COMPANY>.atlassian.net'
          platform-url: 'https://<YOUR_COMPANY>.atlassian.net'

GitLab CI - Add the following job to your .gitlab-ci.yml file:

jira-scan:
  stage: test
  image:
    name: spark1security/n0s1
    entrypoint: [""]
  script:
    - n0s1 jira_scan --email "service_account@<YOUR_COMPANY>.atlassian.net" --api-key $JIRA_TOKEN --server "https://<YOUR_COMPANY>.atlassian.net" --report-file gl-dast-report.json --report-format gitlab
    - apt-get update
    - apt-get -y install jq
    - cat gl-dast-report.json | jq
  artifacts:
    reports:
      dast:
        - gl-dast-report.json

Want more? Check out Spark 1

If you liked n0s1, you will love Spark 1 which builds on top of n0s1 to provide even more enhanced capabilities for a complete security management offering.

Don't forget to check out the https://spark1.us website for more information about our products and services.

If you'd like to contact Spark 1 or request a demo, please use the free consultation form.

Community

n0s1 is a Spark 1 open source project.
Learn about our open source work and portfolio here.
Contact us about any matter by opening a GitHub Discussion here