Releases: arnica-ext/GitGoat

v2.0.2

29 Oct 00:37
a0918fb

Updated the requirements.txt files with the locked versions of the direct packages in order to prevent potential compatibility issues.

v2.0.1

16 Aug 20:15
8e3c68c

What's Changed

  • Fixed a bug where the default branch name could not be retrieved.
  • Updated code blocks to use native git commands instead of pygit2 functions, which failed in large repositories.

Full Changelog: v2.0.0...v2.0.1

v2.0.0

05 Feb 17:00
3b7e05b

What's Changed

One of the challenges of testing security products against a non-production repository is that the source code needs to be vulnerable (like GitGoat and RailsGoat).
However, forking or cloning these repositories is not enough, because the code authors are not members of the organization you created. Therefore, this release goes one step further and rewrites the commit history so that the commits are authored by users in the organization created for GitGoat.

How does the fake commits process work?

  1. GitGoat maps public repo names to your organization's private repos. The default configuration can be found here.
  2. For each public repository, GitGoat maps the most frequent non-bot authors based on their commit history and the users configured in GitGoat.
  3. GitGoat iterates through all commits and cherry-picks each one with the relevant amendments. For example, if the author is mapped to a user in the configuration, both the author and the committer are replaced. Otherwise, the original author and committer are used to generate the amended commit.
     Note: the longer the repository history, the longer it takes to generate the amended repository. GitGoat does not show progress while iterating through commits, so please be patient in that case.
  4. Upon completion of the amendment, GitGoat will add a remote to the mapped private GitGoat repository and push the changes to this repository.
  5. If the config file contains logic to commit hardcoded secrets or add recent commits, it continues to work as in previous versions of GitGoat.
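As an added illustration of steps 2 and 3 above (example code written for this page, not GitGoat's own implementation): it ranks non-bot authors from a constructed `git log --format='%H|%an|%ae|%cn|%ce'` sample, maps the most frequent ones to hypothetical configured organization users, and plans the identity each cherry-picked commit should carry. The names, e-mail addresses and the `ORG_USERS` list are made-up assumptions, and the git invocations are returned as argv lists rather than executed.

```python
import re
from collections import Counter

# Constructed sample of `git log --format='%H|%an|%ae|%cn|%ce'` output (newest first).
SAMPLE_LOG = """\
1111111|Alice Example|alice@example.com|Alice Example|alice@example.com
2222222|dependabot[bot]|49699333+dependabot[bot]@users.noreply.github.com|GitHub|noreply@github.com
3333333|Bob Example|bob@example.com|Alice Example|alice@example.com
4444444|Alice Example|alice@example.com|Alice Example|alice@example.com
5555555|Carol Example|carol@example.com|Carol Example|carol@example.com
"""

# Hypothetical stand-in for the members configured in GitGoat's config.yaml.
ORG_USERS = [("gitgoat-user-1", "user1@gitgoat.example"),
             ("gitgoat-user-2", "user2@gitgoat.example")]

# Heuristic for bot accounts (GitHub apps end in "[bot]"); assumption, not GitGoat's rule.
BOT_RE = re.compile(r"\[bot\]$|\bbot\b", re.IGNORECASE)

def parse_log(text):
    """Parse the pipe-separated log into dicts with (name, email) tuples."""
    commits = []
    for line in text.splitlines():
        sha, an, ae, cn, ce = line.split("|")
        commits.append({"sha": sha, "author": (an, ae), "committer": (cn, ce)})
    return commits

def map_authors(commits, org_users):
    """Rank non-bot authors by commit count; the top N get the N configured org users."""
    counts = Counter(c["author"] for c in commits if not BOT_RE.search(c["author"][0]))
    ranked = [author for author, _ in counts.most_common(len(org_users))]
    return dict(zip(ranked, org_users))

def plan_cherry_picks(commits, mapping):
    """Replay oldest-first. A mapped author replaces both author and committer;
    otherwise the original identities are kept. Returns (sha, author, committer, env, cmds)."""
    plan = []
    for c in reversed(commits):
        author = mapping.get(c["author"])
        committer = author if author else c["committer"]
        author = author or c["author"]
        # GIT_COMMITTER_* is honoured by cherry-pick; the author needs --amend --author.
        env = {"GIT_COMMITTER_NAME": committer[0], "GIT_COMMITTER_EMAIL": committer[1]}
        cmds = [["git", "cherry-pick", c["sha"]],
                ["git", "commit", "--amend", "--no-edit", f"--author={author[0]} <{author[1]}>"]]
        plan.append((c["sha"], author, committer, env, cmds))
    return plan
```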

Release v1.1.2

23 Apr 16:53
bf0eb6c

What's Changed

  • Added repositories with different branch protection policies - look at Ginger, Wasabi and Peppermint in config.yaml.
  • Added nested teams - see the "parent_teams" section in config.yaml.
  • Added secrets into source code. Modify "commit_secrets_in_repositories" in config.yaml under each member to configure which members commit secrets in specific repositories.

Release v1.1.1

28 Dec 22:35
58c097f

What's Changed

  • Feature: Users create multiple PRs that are approved by distinct users.
  • Bug fix: GitHub ignored codeowners associations when users were members of the team.

GitGoat v1.1.0

27 Dec 01:48
8bc5d38

What's Changed

  • GitGoat generates CODEOWNERS files and reviews PRs according to the rules; for example, if codeowners are defined but not enforced, that case is demonstrated.
  • The members who merge PRs and the members who review them are split, to produce a more diverse data set.

First Release

25 Dec 20:42
6448488

This is the first release of GitGoat.
Please use the instructions here.