Skip to main content

Gemfury Deploy Or Push Token

Description

General

  • Documentation: https://gemfury.com/help/getting-started
  • Summary: Gemfury is a hosted repository for public and private packages. It supports packages from various sources like ruby, python, npm, php, debian, rpm or nuget. Interaction with the registry is done via a dashboard, using a cli tool or curl API calls. This detector aims at catching deploy and push tokens.
  • IPs allowlist: As of the time of writing this documentation, this feature is not yet supported.
  • Scopes: Gemfury offers different types of tokens with different rights. This detector focuses on deploy tokens.

Revoke the secret

Secrets can be deactivated or revoked from the user's dashboard.

Check for suspicious activity

As of the time of writing this documentation, this feature is not yet supported.

Details for Gemfury deploy or push token

  • Family: Api

  • Category: Package registry

  • Company: Gemfury

  • High recall: False

  • Validity check available: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 0.02

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
banlist_extensions: []
banlist_filenames: []
check_binaries: false
include_default_banlist_extensions: true
ban_markup: true
- type: ContentWhitelistPreValidator
patterns:
- \.fury\.io
- type: ContentWhitelistPreValidator
patterns:
- \@(gem|npm(-proxy)?|pypi|yum|go-proxy|php|nuget|apt|maven|repo|git|push)\.fury\.io

Examples

- text: |
extra-index-url = https://1xqxBg-3BCln5kxQsiBDOoNPsGudfyJZE@repo.fury.io/fvuo1b
apikey: 1xqxBg-3BCln5kxQsiBDOoNPsGudfyJZE
username: fvuo1b
- text: |
# URL repo.fury.io context
deploy_token = https://e9ZPM-dD1lDuhPErMC8mYZ2XXk4XiCSY@repo.fury.io/fvuo1b/
apikey: e9ZPM-dD1lDuhPErMC8mYZ2XXk4XiCSY
username: fvuo1b
- text: |
# URL repo.fury.io context
push_token = https://NR6Ip-fqLmxT4oLsAr6asXX9KTSVfefQ@push.fury.io/fvuo1b/
apikey: NR6Ip-fqLmxT4oLsAr6asXX9KTSVfefQ
username: fvuo1b

How can I help you ?