Nightfall Radar is a tool for exploring your GitHub repositories and checking that they are free of sensitive credentials and secrets. The Radar user interface scans a single repository at a time. However, by using the Radar API and a short shell script, you can initiate scans of every GitHub repository in your organization with a single command.
Create a new file in your working directory. You may name the file anything you wish, but it is referred to here as org_scanner.
$ touch org_scanner
Copy the code below into the new file, replacing each placeholder in angle brackets with the credentials for your own GitHub and Radar accounts.
Note: if you save this script as a file, make sure it is listed in your .gitignore where applicable, because it contains credentials for both GitHub and Radar; a personal access token committed to a repository gives anyone who can read that repository the same access to your organization's code. GitHub's documentation on ignoring files describes how .gitignore works.
#!/bin/sh
# List the organization's repositories (GitHub's org repos endpoint; <org> is the organization name) and scan each.
for i in $(curl -s -u <github_user>:<personal_access_token> \
  https://api.github.com/orgs/<org>/repos | jq -r '.[].clone_url')
do curl https://radar.nightfall.ai/api/v1/scans/new \
  -u <radar_api_key>: -d github_url="$i"
done
Run the following line in your terminal to make the new org_scanner script executable.
$ chmod +x ./org_scanner
Now you can run the script from your command line by invoking its name, ./org_scanner.
If successful, you will see a response for each scanned repository like the following:
"message": "Scan is running. You will be notified via email (firstname.lastname@example.org) when scan is complete. You can view the scan results via the provided Scan ID when complete. You can also configure a Webhook endpoint to be programmatically notified when the scan is complete. See API Docs: https://radar.nightfall.ai/docs#get-results",
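The one-liner above only sees the first page of repositories the API returns (GitHub paginates this endpoint at 30 per page by default), silently scans nothing if the listing request fails, and keeps both credentials inside the file. The version below is an added example, not code from the original page or from Nightfall: it reads the credentials from the environment, follows the Link header through every page of the organization's repository list, fails loudly on HTTP errors, and submits each clone URL to the same Radar endpoint. The environment variable names (GITHUB_USER, GITHUB_TOKEN, GITHUB_ORG, RADAR_API_KEY) and the temporary header file are assumptions of this example; the GitHub endpoint is the documented https://api.github.com/orgs/<org>/repos and the Radar endpoint is the one on this page.

```shell
#!/bin/sh
# org_scanner (added example): submit every repository in a GitHub organization to Radar.
# Credentials and the organization name come from the environment (variable names are
# assumptions of this example), so nothing sensitive has to be written into the file:
#   GITHUB_USER, GITHUB_TOKEN  GitHub login and personal access token
#   RADAR_API_KEY              Radar API key, sent as the basic-auth username
#   GITHUB_ORG                 organization whose repositories are scanned
set -eu

# Print the clone_url of each repository in one page of GitHub's
# "list organization repositories" response, read from stdin.
clone_urls() {
  jq -r '.[].clone_url'
}

# Given a GitHub Link header on stdin, print the URL tagged rel="next",
# or nothing when the current page is the last one.
next_page_url() {
  sed -n 's/.*<\([^>]*\)>; *rel="next".*/\1/p'
}

# Walk every page of the organization's repository list and print one
# clone URL per line. Runs in a subshell so its variables stay local.
list_org_repos() (
  url="https://api.github.com/orgs/$1/repos?type=all&per_page=100"
  headers=$(mktemp)
  while [ -n "$url" ]; do
    # Assigning the body makes a curl failure (--fail turns HTTP 4xx/5xx into an
    # error) abort the run under set -e instead of yielding an empty repo list.
    body=$(curl -sS --fail -u "$GITHUB_USER:$GITHUB_TOKEN" \
      -H 'Accept: application/vnd.github+json' -D "$headers" "$url")
    printf '%s\n' "$body" | clone_urls
    url=$(grep -i '^link:' "$headers" | next_page_url)
  done
  rm -f "$headers"
)

# Ask Radar to scan one repository URL; prints Radar's JSON reply.
start_scan() {
  curl -sS --fail https://radar.nightfall.ai/api/v1/scans/new \
    -u "$RADAR_API_KEY:" --data-urlencode "github_url=$1"
  printf '\n'
}

main() {
  : "${GITHUB_USER:?}" "${GITHUB_TOKEN:?}" "${RADAR_API_KEY:?}"
  repos=$(list_org_repos "$1")   # aborts the run if any page fails to load
  printf '%s\n' "$repos" | while IFS= read -r repo; do
    [ -n "$repo" ] || continue
    printf 'Scanning %s\n' "$repo"
    # Report a failed submission and move on rather than stopping the whole run.
    start_scan "$repo" || printf 'failed to start scan for %s\n' "$repo" >&2
  done
}

# Usage: GITHUB_ORG=<org> GITHUB_USER=<user> GITHUB_TOKEN=<token> RADAR_API_KEY=<key> ./org_scanner
if [ -n "${GITHUB_ORG:-}" ]; then
  main "$GITHUB_ORG"
else
  echo "set GITHUB_ORG, GITHUB_USER, GITHUB_TOKEN and RADAR_API_KEY before running" >&2
fi
```

Because the variables are read from the environment, the file itself contains no secrets and can be committed; export the variables from a shell profile or a secret manager rather than on the command line if your shell history is shared. The token still needs enough scope to list the repositories you want scanned, and a scan request for a repository Radar cannot reach will be reported on stderr and skipped.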