DigitalRiskProt-05-GitHub_search_repos
Overview
This workflow automates security-focused GitHub repository and code searches to identify exposed API keys, leaked AWS credentials, and CVE proof-of-concept exploits across public repositories. It executes parallel search queries with configurable parameters, consolidates results from multiple search categories, and delivers a comprehensive HTML report via email for security team review.
How It Works
- Search Query Configuration: Multiple Input Nodes define the search parameters for three distinct security categories:
  - API Keys Search: Searches GitHub code for exposed API key patterns in Python files, sorted by most recently updated
  - AWS Credentials Search: Searches GitHub code for AWS access key ID patterns in Python files, sorted by star count
  - CVE PoC/Exploits Search: Searches GitHub repositories for exploit and proof-of-concept code related to CVEs with significant community traction (100+ stars)
  - A shared Common Parameters Input Node defines the result limit (e.g., 100 results per query)
  - A Look-and-Feel Input Node provides branding and styling guidelines for the report
- Query Transformation: Three parallel Data Transformation Agent Nodes map the human-readable search parameters into GitHub API-compatible JSON payloads, preserving query strings exactly as specified while mapping fields like search type, sort criteria, result ordering, and limits.
- GitHub API Execution: Three parallel Integration Nodes execute the transformed queries against the GitHub search API, each targeting its respective search category (code search for API keys and AWS credentials, repository search for CVE PoCs).
- Report Generation: A Scripting Agent Node receives all three sets of search results along with the original query definitions and styling guidelines, then generates a comprehensive HTML email report featuring:
  - A header section with report title and branding
  - A query reference section displaying each search category with its exact query string
  - Detailed result cards for each category showing repository names, star counts, fork counts, file paths, descriptions, and direct links to discovered items
  - A branded footer with Zynap attribution
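The pipeline above (spec to API payload, execution, HTML report) condensed into one script. This is an added example, not the workflow's own nodes or Zynap code: the query specs, styling values and result items are constructed, the request builder only describes the HTTP call rather than sending it (a real run needs an Authorization header, since GitHub's code search endpoint requires authentication and its per_page is capped at 100), and the report renderer HTML-escapes every field so a repository description or path cannot inject markup into the emailed report. One check worth keeping: GitHub's REST code search only accepts sort=indexed, while stars/forks sorting is a repository-search feature, so the builder rejects a sort key the chosen endpoint does not support.

```python
"""Added example, not the workflow's own code: map human-readable search
specs to GitHub REST search requests, validate sort keys per endpoint, and
render result items into an escaped HTML report. All specs, styling and
result items below are constructed; nothing here touches the network."""
import html
from urllib.parse import urlencode

API = "https://api.github.com"

# Sort keys each GitHub REST search endpoint accepts. Code search can only
# sort by index time; star/fork sorting exists only for repository search.
VALID_SORT = {
    "code": {"indexed"},
    "repositories": {"stars", "forks", "help-wanted-issues", "updated"},
}

# Hypothetical specs standing in for the three search Input Nodes.
SPECS = [
    {"name": "API Keys", "type": "code", "sort": "indexed", "order": "desc",
     "query": "api_key language:python"},
    {"name": "AWS Credentials", "type": "code", "sort": "indexed",
     "order": "desc", "query": "AKIA language:python"},
    {"name": "CVE PoC/Exploits", "type": "repositories", "sort": "stars",
     "order": "desc", "query": "CVE exploit poc stars:>=100"},
]
COMMON = {"limit": 100}  # shared Common Parameters node (constructed)
LOOK = {"title": "GitHub Exposure Report", "brand": "Zynap",
        "accent": "#1f6feb"}  # Look-and-Feel node (constructed)


def build_request(spec, common, token=None):
    """Describe one search request; the query string q is passed verbatim."""
    kind = spec["type"]
    if kind not in VALID_SORT:
        raise ValueError(f"unknown search type {kind!r}")
    sort = spec.get("sort")
    if sort and sort not in VALID_SORT[kind]:
        raise ValueError(f"sort {sort!r} is not valid for {kind} search")
    # GitHub caps per_page at 100; larger limits would need pagination.
    params = {"q": spec["query"], "per_page": min(common["limit"], 100)}
    if sort:
        params["sort"] = sort
        params["order"] = spec.get("order", "desc")
    headers = {"Accept": "application/vnd.github+json"}
    if token:  # code search requires an authenticated request
        headers["Authorization"] = f"Bearer {token}"
    return {"method": "GET", "headers": headers,
            "url": f"{API}/search/{kind}?{urlencode(params)}"}


def render_cards(items):
    """One card per hit. Code hits nest the repo under 'repository'; repo
    hits are the repo itself. Every field is escaped before it hits email."""
    cards = []
    for item in items:
        repo = item.get("repository", item)
        stars = repo.get("stargazers_count", "n/a")
        forks = repo.get("forks_count", "n/a")
        link = html.escape(item["html_url"], quote=True)
        name = html.escape(repo["full_name"])
        path = item.get("path", "")
        path_html = f" <code>{html.escape(path)}</code>" if path else ""
        desc = html.escape(repo.get("description") or "")
        cards.append(f"<div class='card'><a href='{link}'>{name}</a>{path_html}"
                     f"<div>stars: {stars} forks: {forks}</div><p>{desc}</p></div>")
    return "".join(cards) or "<p>No results.</p>"


def build_report(specs, results, look):
    """Assemble header, query reference, per-category cards and footer."""
    parts = [f"<h1 style='color:{html.escape(look['accent'])}'>"
             f"{html.escape(look['title'])}</h1><h2>Queries</h2><ul>"]
    for s in specs:
        parts.append(f"<li><b>{html.escape(s['name'])}</b>: "
                     f"<code>{html.escape(s['query'])}</code></li>")
    parts.append("</ul>")
    for s in specs:
        parts.append(f"<h2>{html.escape(s['name'])}</h2>")
        parts.append(render_cards(results.get(s["name"], [])))
    parts.append(f"<footer>Generated by {html.escape(look['brand'])}</footer>")
    return "".join(parts)


# Constructed sample hits in the (trimmed) shape the two endpoints return.
SAMPLE_RESULTS = {
    "API Keys": [{
        "path": "config/settings.py",
        "html_url": "https://github.com/example/app/blob/main/config/settings.py",
        "repository": {"full_name": "example/app",
                       "description": "Demo app <b>not</b> real"},
    }],
    "CVE PoC/Exploits": [{
        "full_name": "example/cve-poc",
        "html_url": "https://github.com/example/cve-poc",
        "stargazers_count": 250, "forks_count": 40,
        "description": "Proof of concept",
    }],
}

if __name__ == "__main__":
    for spec in SPECS:
        print(build_request(spec, COMMON)["url"])
    print(build_report(SPECS, SAMPLE_RESULTS, LOOK))
```

The report deliberately carries only repository names, paths, counts and links, never the matched secret itself; forwarding a leaked key's value in an email would create a second copy of the exposure.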
Who is this for?
- Security operations teams monitoring for organizational credential leaks on GitHub
- Threat intelligence analysts tracking public CVE exploit development and weaponization
- DevSecOps teams implementing continuous secret leak detection across public repositories
- Red team operators identifying publicly available exploit code for vulnerability assessment
- Compliance teams auditing for exposed credentials and sensitive code in public repositories
- Security researchers monitoring the exploit development lifecycle for emerging vulnerabilities
What problem does this workflow solve?
- Automates the repetitive process of searching GitHub for exposed secrets and exploit code across multiple query patterns, eliminating manual search fatigue
- Provides parallel multi-category search execution covering API keys, cloud credentials, and CVE exploits in a single workflow run
- Delivers consolidated, formatted reports that combine results from different search categories into a unified view for efficient security team review
- Enables configurable and repeatable search operations through parameterized inputs, allowing teams to adapt queries to evolving threat patterns without modifying the workflow structure
- Reduces response time to credential exposure incidents by automating detection and reporting, supporting faster remediation of leaked secrets
- Supports proactive vulnerability management by monitoring public exploit development, enabling teams to prioritize patching based on real-world weaponization status
Updated: 2026-03-19