Rename to ghscan to reflect more generic scanning support (#13)

This PR renames the project to `ghscan` to reflect the more generic
scanning support introduced in previous PRs.

Functionality remains the same but is no longer solely focused on the
original theme of the project.

---------

Signed-off-by: egibs <20933572+egibs@users.noreply.github.com>

Author: egibs

.github/chainguard/build.sts.yaml

@@ -1,7 +1,7 @@
 issuer: https://token.actions.githubusercontent.com
-subject_pattern: repo:chainguard-dev\/tj-scan:(ref:refs\/heads\/main|pull_request)
+subject_pattern: repo:chainguard-dev/ghscan:(ref:refs/heads/main|pull_request)
 claim_pattern:
-  job_workflow_ref: chainguard-dev/tj-scan/.github/workflows/build.yaml@.*
+  job_workflow_ref: chainguard-dev/ghscan/.github/workflows/build.yaml@.*
 
 permissions:
   contents: read

.github/workflows/build.yaml

@@ -37,5 +37,5 @@ jobs:
       - name: build
         run: |
           set -x
-          make out/tjscan
-          ./out/tjscan -h
+          make out/ghscan
+          ./out/ghscan -h

Makefile

@@ -1,20 +1,20 @@
-.PHONY: build docker fmt fmt-check test release sbom out/tjscan
+.PHONY: build docker fmt fmt-check test release sbom out/ghscan
 
-out/tjscan:
+out/ghscan:
 	mkdir -p out
-	go build -o out/tjscan ./cmd/tj-scan
+	go build -o out/ghscan ./cmd/ghscan
 
 keygen:
 	melange keygen
 
 melange: keygen
-	melange build --arch arm64,x86_64 tj-scan.yaml --signing-key melange.rsa
+	melange build --arch arm64,x86_64 ghscan.yaml --signing-key melange.rsa
 
 apko: melange
-	apko build tj-scan.apko.yaml tjscan:latest tjscan.tar
+	apko build ghscan.apko.yaml ghscan:latest ghscan.tar
 
-tj-scan-docker:
-	docker load < tjscan.tar
+ghscan-docker:
+	docker load < ghscan.tar
 
 sbom:
 	syft -o spdx-json . | jq . > sbom.json

README.md

@@ -1,5 +1,5 @@
-# tj-scan
-Scan GitHub Workflow logs for IOCs from the tj-actions/changed-files breach.
+# ghscan
+Scan GitHub Workflow logs for IOCs via strings or regex.
 
 Notes:
 - This script should not be seen as a universal detector of compromise; rather, a single result likely indicates that other Workflow runs in the search window were also compromised
@@ -63,7 +63,7 @@ permissions:
 
 For example:
 ```sh
-$ chainctl auth octo-sts --scope chainguard-dev/tj-scan --identity ephemerality -- go run cmd/tj-scan/main.go -target owner/repo -json="final.json" -csv="final.csv"
+$ chainctl auth octo-sts --scope chainguard-dev/ghscan --identity ephemerality -- go run cmd/ghscan/main.go -target owner/repo -json="final.json" -csv="final.csv"
 2025/03/18 11:27:59 INFO Found 1 repositories to scan
 2025/03/18 11:27:59 INFO No existing cache found at cache.json, starting fresh
 ```

cmd/tj-scan/main.go cmd/ghscan/main.gocmd/tj-scan/main.go renamed to cmd/ghscan/main.go

@@ -10,10 +10,10 @@ import (
 	"time"
 
 	"github.com/chainguard-dev/clog"
-	"github.com/chainguard-dev/tj-scan/pkg/action"
-	"github.com/chainguard-dev/tj-scan/pkg/file"
-	"github.com/chainguard-dev/tj-scan/pkg/ioc"
-	tjscan "github.com/chainguard-dev/tj-scan/pkg/tj-scan"
+	"github.com/chainguard-dev/ghscan/pkg/action"
+	"github.com/chainguard-dev/ghscan/pkg/file"
+	ghscan "github.com/chainguard-dev/ghscan/pkg/ghscan"
+	"github.com/chainguard-dev/ghscan/pkg/ioc"
 	"github.com/google/go-github/v69/github"
 	"github.com/spf13/viper"
 	"golang.org/x/oauth2"
@@ -145,7 +145,7 @@ func main() {
 		cachedResults[key] = true
 	}
 
-	req := tjscan.Request{
+	req := ghscan.Request{
 		Cache:         cache,
 		CacheFile:     *cacheFileFlag,
 		CachedResults: cachedResults,
@@ -161,7 +161,7 @@ func main() {
 		logger.Errorf("Failed to scan Workflows in repos: %v", err)
 	}
 
-	cr := tjscan.Cache{Results: req.Cache.Results}
+	cr := ghscan.Cache{Results: req.Cache.Results}
 	file.WriteResults(logger, cr, *cacheFileFlag, *jsonOutputFlag, *csvOutputFlag)
 	logger.Info("Processing complete")
 }

tj-scan.apko.yaml ghscan.apko.yamltj-scan.apko.yaml renamed to ghscan.apko.yaml

@@ -4,10 +4,10 @@ contents:
   keyring:
     - melange.rsa.pub
   packages:
-    - tjscan@local
+    - ghscan@local
 
 entrypoint:
-  command: tjscan
+  command: ghscan
 
 accounts:
   groups:

tj-scan.yaml ghscan.yamltj-scan.yaml renamed to ghscan.yaml

@@ -1,5 +1,5 @@
 package:
-  name: tjscan
+  name: ghscan
   version: "0.1.0"
   epoch: 1
   description: Scan Workflow logs for IOCs from the tj-actions/changed-files breach
@@ -16,23 +16,23 @@ environment:
 pipeline:
   - uses: git-checkout
     with:
-      repository: https://github.com/chainguard-dev/tj-scan
+      repository: https://github.com/chainguard-dev/ghscan
       expected-commit: bf0fb207b7f711d256ecb6463e645426a0e3db01
       tag: v${{package.version}}
 
   - uses: go/build
     with:
-      packages: ./cmd/tj-scan
-      output: tjscan
+      packages: ./cmd/ghscan
+      output: ghscan
 
 test:
   pipeline:
-    - name: Verify tj-scan version
+    - name: Verify ghscan version
       runs: |
-        tjscan -h
+        ghscan -h
 
 update:
   enabled: true
   github:
-    identifier: chainguard-dev/tj-scan
+    identifier: chainguard-dev/ghscan
     strip-prefix: v

go.mod

@@ -1,4 +1,4 @@
-module github.com/chainguard-dev/tj-scan
+module github.com/chainguard-dev/ghscan
 
 go 1.24.1
 

pkg/action/scan.go

@@ -12,16 +12,16 @@ import (
 	"sync"
 
 	"github.com/chainguard-dev/clog"
-	"github.com/chainguard-dev/tj-scan/pkg/file"
-	"github.com/chainguard-dev/tj-scan/pkg/request"
-	tjscan "github.com/chainguard-dev/tj-scan/pkg/tj-scan"
-	wf "github.com/chainguard-dev/tj-scan/pkg/workflow"
+	"github.com/chainguard-dev/ghscan/pkg/file"
+	ghscan "github.com/chainguard-dev/ghscan/pkg/ghscan"
+	"github.com/chainguard-dev/ghscan/pkg/request"
+	wf "github.com/chainguard-dev/ghscan/pkg/workflow"
 	"github.com/google/go-github/v69/github"
 	"github.com/spf13/viper"
 	"golang.org/x/sync/errgroup"
 )
 
-func scanWorkflows(ctx context.Context, logger *clog.Logger, req *tjscan.Request) error {
+func scanWorkflows(ctx context.Context, logger *clog.Logger, req *ghscan.Request) error {
 	g, gCtx := errgroup.WithContext(ctx)
 	g.SetLimit(2)
 
@@ -77,7 +77,7 @@ func scanWorkflows(ctx context.Context, logger *clog.Logger, req *tjscan.Request
 	return g.Wait()
 }
 
-func scanRuns(ctx context.Context, logger *clog.Logger, req *tjscan.Request, runs []*github.WorkflowRun, wfFileName, wfPath string) error {
+func scanRuns(ctx context.Context, logger *clog.Logger, req *ghscan.Request, runs []*github.WorkflowRun, wfFileName, wfPath string) error {
 	var rc io.ReadCloser
 	var resultsMu sync.Mutex
 
@@ -90,7 +90,7 @@ func scanRuns(ctx context.Context, logger *clog.Logger, req *tjscan.Request, run
 
 	logger.Infof("Found %d runs for workflow %s in %s/%s", len(runs), wfFileName, req.Owner, req.RepoName)
 
-	var runResults []tjscan.Result
+	var runResults []ghscan.Result
 	for _, run := range runs {
 		g.Go(func() error {
 			select {
@@ -139,7 +139,7 @@ func scanRuns(ctx context.Context, logger *clog.Logger, req *tjscan.Request, run
 				workflowRunUIURL := fmt.Sprintf("https://github.com/%s/%s/actions/runs/%d",
 					req.Owner, req.RepoName, runID)
 
-				resultsMap := make(map[string]*tjscan.Result)
+				resultsMap := make(map[string]*ghscan.Result)
 
 				for _, finding := range wfFindings {
 					if finding.Encoded == "" && finding.Decoded == "" && finding.LineData == "" {
@@ -158,7 +158,7 @@ func scanRuns(ctx context.Context, logger *clog.Logger, req *tjscan.Request, run
 							existing.DecodedData = finding.Decoded
 						}
 					} else {
-						res := tjscan.Result{
+						res := ghscan.Result{
 							Repository:       fmt.Sprintf("%s/%s", req.Owner, req.RepoName),
 							WorkflowFileName: wfFileName,
 							WorkflowURL:      workflowUIURL,
@@ -171,7 +171,7 @@ func scanRuns(ctx context.Context, logger *clog.Logger, req *tjscan.Request, run
 					}
 				}
 
-				var findings []tjscan.Result
+				var findings []ghscan.Result
 				for _, result := range resultsMap {
 					findings = append(findings, *result)
 				}
@@ -181,7 +181,7 @@ func scanRuns(ctx context.Context, logger *clog.Logger, req *tjscan.Request, run
 				resultsMu.Unlock()
 
 				if len(req.Cache.Results)%10 == 0 {
-					file.WriteCache(logger, filepath.Join(tjscan.ResultsDir, req.CacheFile), req.Cache.Results)
+					file.WriteCache(logger, filepath.Join(ghscan.ResultsDir, req.CacheFile), req.Cache.Results)
 				}
 
 				return nil
@@ -197,7 +197,7 @@ func scanRuns(ctx context.Context, logger *clog.Logger, req *tjscan.Request, run
 	return nil
 }
 
-func Scan(ctx context.Context, logger *clog.Logger, req *tjscan.Request, repos []*github.Repository) error {
+func Scan(ctx context.Context, logger *clog.Logger, req *ghscan.Request, repos []*github.Repository) error {
 	if req == nil {
 		return fmt.Errorf("req cannot be nil")
 	}

pkg/action/scanner.go

@@ -4,23 +4,23 @@ import (
 	"path/filepath"
 
 	"github.com/chainguard-dev/clog"
-	"github.com/chainguard-dev/tj-scan/pkg/file"
-	tjscan "github.com/chainguard-dev/tj-scan/pkg/tj-scan"
+	"github.com/chainguard-dev/ghscan/pkg/file"
+	ghscan "github.com/chainguard-dev/ghscan/pkg/ghscan"
 )
 
 type Scanner struct {
 	logger    *clog.Logger
-	results   chan []tjscan.Result
-	cache     *tjscan.Cache
+	results   chan []ghscan.Result
+	cache     *ghscan.Cache
 	cacheFile string
 	flushSize int
 	done      chan struct{}
 }
 
-func NewScanner(logger *clog.Logger, cache *tjscan.Cache, cacheFile string, flushSize int) *Scanner {
+func NewScanner(logger *clog.Logger, cache *ghscan.Cache, cacheFile string, flushSize int) *Scanner {
 	s := &Scanner{
 		logger:    logger,
-		results:   make(chan []tjscan.Result, 10),
+		results:   make(chan []ghscan.Result, 10),
 		cache:     cache,
 		cacheFile: cacheFile,
 		flushSize: flushSize,
@@ -35,17 +35,17 @@ func (s *Scanner) collect() {
 	for results := range s.results {
 		s.cache.Results = append(s.cache.Results, results...)
 		if len(s.cache.Results)%s.flushSize == 0 {
-			file.WriteCache(s.logger, filepath.Join(tjscan.ResultsDir, s.cacheFile), s.cache.Results)
+			file.WriteCache(s.logger, filepath.Join(ghscan.ResultsDir, s.cacheFile), s.cache.Results)
 		}
 	}
 
 	if len(s.cache.Results) > 0 {
-		file.WriteCache(s.logger, filepath.Join(tjscan.ResultsDir, s.cacheFile), s.cache.Results)
+		file.WriteCache(s.logger, filepath.Join(ghscan.ResultsDir, s.cacheFile), s.cache.Results)
 	}
 	close(s.done)
 }
 
-func (s *Scanner) Add(results []tjscan.Result) {
+func (s *Scanner) Add(results []ghscan.Result) {
 	if len(results) > 0 {
 		s.results <- results
 	}