Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Detect IP address of GitHub commit

Tags:

git

github

audit

code-access-security

i'm the owner of a few corporate github repositories. Lately we have been suspicious of a developer who may be enlisting outsourced help through his borrowed github identity (many 4am commits in batches). Is there a way on github.com to determine the source IP address of the committer? On the traffic page i can infer this info based on teh number of unique clones, but this is not enough data for us to validate our concerns.

Cheers, Joe Anonymous

like image 289
joe mediocrity Avatar asked Nov 17 '14 22:11

joe mediocrity

People also ask

Does GitHub show IP address?

By default, GitHub Enterprise Cloud does not display the source IP address for events in your enterprise's audit log.

How do you get details of a commit?

`git log` command is used to view the commit history and display the necessary information of the git repository. This command displays the latest git commits information in chronological order, and the last commit will be displayed first.

How do I find my commit ID on GitHub?

In a different web browser tab, go to your GitHub dashboard . In Your repositories, choose the repository name that contains the target commit. In the list of commits, find and copy the commit ID that refers to the revision in the repository.

1 Answers

If this "individual", if I'm quoting your corporatese right, lets his subcontractors commit themselves to the official repo in his name without further precautions, then he is an idiot and deserves to be fired.

In this case, you probably don't even need the committer's IP address. The commit itself contains some very useful data:

git cat-file -p <suspicious-commit-id>

Will show the entire commit object. It will contain two lines like this:

author Foo Bar <[email protected]> 1398017575 +0200
committer Foo Bar <[email protected]> 1398017575 +0200

As you can see there is timezone info following the Unix-epoch timestamps. If you're on the East Coast in the USA, you should see something like -0500. If the subcontractors are in India, you'll see +0630 or something like that.

The "individual" has probably more sense than that. So the subcontractors push to his repo, then he rewrites history and pushes to the official repo. In the latter case, good luck.

like image 79
SzG Avatar answered Oct 24 '22 02:10

SzG
Sign in to Comment

Related questions

git status vs git status -u vs git status -uno
Git diff thinks line endings are LF when EOL is set to CRLF in .gitattributes
Remove a git commit between two commits
How to push a new branch non-existing on the remote server without --set-upstream?
Custom git command autocompletion
Remove git cache from Jenkins
Avoiding "Another active Homebrew update process is already in progress"
Git and log order
FETCH_HEAD reference not updating correctly after "git fetch"
git clone into a branch
How can I add pattern that start with hash to gitignore [duplicate]
Fixing Git History after Fetching Wrong Repo
gitignore continue to track file after adding it once by force
How do I set a pattern for git commit messages?
How do I git stash with Visual Studio Tools for Git v0.8.5.1
Git pull till certain commit (tag)
Git internals: Modifying `git-merge-one-file` to not use working tree
git svn rebase index file open failed : Invalid argument
Why does "git clone" not take a refspec?
Can I use command-line Git tools and TortoiseGit simultaneously?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!