Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@finos/git-proxy
Advanced tools
Deploy custom push protections and policies
on top of Git
Docs
·
Demo
·
Report a bug
·
Suggest a new feature
GitProxy is an application that stands between developers and a Git remote endpoint (e.g., github.com
). It applies rules and workflows (configurable as plugins
) to all outgoing git push
operations to ensure they are compliant.
The main goal of GitProxy is to marry the defacto standard Open Source developer experience (git-based workflow of branching out, submitting changes and merging back) with security and legal requirements that firms have to comply with, when operating in highly regulated industries like financial services.
That said, GitProxy can also be used on a local environment to enforce a single developer's best practices, which tends to be the easiest setup to start with and the most comfortable one to build new GitProxy plugins.
sequenceDiagram
actor Developer
Developer->>+Git Server: git clone
Developer->>Workstation: git remote add proxy <proxy-server>
Developer->>+GitProxy: git push proxy
GitProxy-->>-Developer: Failed license check
Developer->>Workstation: git commit -m 'fix license issue'
Developer->>+GitProxy: git push
GitProxy-->>-Git Server: Approved
Install & run git-proxy (requires Nodejs):
$ npx -- @finos/git-proxy
Clone a repository, set the remote to the GitProxy URL and push your changes:
# Only HTTPS cloning is supported at the moment, see https://github.com/finos/git-proxy/issues/27.
$ git clone https://github.com/octocat/Hello-World.git && cd Hello-World
# The below command is using the GitHub official CLI to fork the repo that is cloned.
# You can also fork on the GitHub UI. For usage details on the CLI, see https://github.com/cli/cli
$ gh repo fork
✓ Created fork yourGithubUser/Hello-World
...
$ git remote add proxy http://localhost:8000/yourGithubUser/Hello-World.git
# This fetches the repository's default branch and pushes it (https://stackoverflow.com/a/44750379).
$ git push proxy $(git symbolic-ref refs/remotes/origin/HEAD | sed 's@^refs/remotes/origin/@@')
Using the default configuration, GitProxy intercepts the push and blocks it. To enable code pushing to your fork via GitProxy, add your repository URL into the GitProxy config file (proxy.config.json
). For more information, refer to our documentation.
For detailed step-by-step instructions for how to install, deploy & configure GitProxy and customize for your environment, see the project's documentation:
Your contributions are at the core of making this a true open source project. Any contributions you make are greatly appreciated. See CONTRIBUTING.md
for more information.
If you identify a security vulnerability in the codebase, please follow the steps in SECURITY.md
. This includes logic-based vulnerabilities and sensitive information or secrets found in code.
We are committed to making open source an enjoyable and respectful experience for our community. See CODE_OF_CONDUCT
for more information.
This project is distributed under the Apache-2.0 license. See LICENSE
for more information.
Drop a note, ask a question or just say hello in our community Slack channel 👋
If you can't access Slack, you can also subscribe to our mailing list.
Join our fortnightly Zoom meeting on Monday, 11AM EST (odd week numbers). Send an e-mail to help@finos.org to get a calendar invitation.
Otherwise, if you have a deeper query or require more support, please raise an issue.
FAQs
Deploy custom push protections and policies on top of Git.
The npm package @finos/git-proxy receives a total of 15 weekly downloads. As such, @finos/git-proxy popularity was classified as not popular.
We found that @finos/git-proxy demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.