Gemfury Full Access Token

Description

General

• Documentation: https://gemfury.com/help/getting-started
• Summary: Gemfury is a hosted repository for public and private packages. It supports packages from various sources like ruby, python, npm, php, debian, rpm or nuget. Interaction with the registry is done via a dashboard, using a cli tool or curl API calls. This detector aims at catching full access tokens.
• IPs allowlist: As of the time of writing this documentation, this feature is not yet supported.
• Scopes: Gemfury offers different types of tokens with different rights. This detector focuses on full access tokens.

Revoke the secret

Secrets can be deactivated or revoked from the user's dashboard.

Check for suspicious activity

As of the time of writing this documentation, this feature is not yet supported.

Details for Gemfury full access token

• Family: Api

• Category: Package registry

• Company: Gemfury

• High recall: False

• Validity check available: False

• Minimum number of matches: 2

• Occurrences found for one million commits: 0.25

• Prefixed: False

• PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: true
- type: ContentWhitelistPreValidator
  patterns:
    - \.fury\.io
- type: ContentWhitelistPreValidator
  patterns:
    - \@(gem|npm(-proxy)?|pypi|yum|go-proxy|php|nuget|apt|maven|repo|git|push)\.fury\.io

Examples

- text: |
    GEMFURY_URL=https://Snpp7y42zaJCXkFbSfQa:@pypi.fury.io/sup3rU5er
  apikey: Snpp7y42zaJCXkFbSfQa
  username: sup3rU5er
- text: |
    GEMFURY_URL=https://Snpp7y42zaJCXkFbSfQa:@npm.fury.io/sup3rU5er
  apikey: Snpp7y42zaJCXkFbSfQa
  username: sup3rU5er