Skip to main content

Gemfury Full Access Token

Description#

General#

  • Documentation: https://gemfury.com/help/getting-started
  • Summary: Gemfury is a hosted repository for public and private packages. It supports packages from various sources like ruby, python, npm, php, debian, rpm or nuget. Interaction with the registry is done via a dashboard, using a cli tool or curl API calls. This detector aims at catching full access tokens.
  • IPs allowlist: As of the time of writing this documentation, this feature is not yet supported.
  • Scopes: Gemfury offers different types of tokens with different rights. This detector focuses on full access tokens.

Revoke the secret#

Secrets can be deactivated or revoked from the user's dashboard.

Check for suspicious activity#

As of the time of writing this documentation, this feature is not yet supported.

Details for Gemfury full access token#

  • Family: Api

  • Category: Package registry

  • Company: Gemfury

  • High recall: False

  • Validity check available: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 0.25

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions: []  banlist_filenames: []  check_binaries: false  include_default_banlist_extensions: true  ban_markup: true- type: ContentWhitelistPreValidator  patterns:  - \.fury\.io- type: ContentWhitelistPreValidator  patterns:  - \@(gem|npm(-proxy)?|pypi|yum|go-proxy|php|nuget|apt|maven|repo|git|push)\.fury\.io

Examples#

- text: >    GEMFURY_URL=https://Sspp7y42zaJMXrFbVaQa:@pypi.fury.io/sup3rU5er  apikey: Sspp7y42zaJMXrFbVaQa  username: sup3rU5er- text: >    GEMFURY_URL=https://Sspp7y42zaJMXrFbVaQa:@npm.fury.io/sup3rU5er  apikey: Sspp7y42zaJMXrFbVaQa  username: sup3rU5er