Moat is a command-line security audit tool written in Rust that checks a GitHub organization, user account, or individual repository for supply-chain hygiene problems: security misconfigurations that could let an attacker slip malicious code into your software without detection. Supply-chain attacks compromise a dependency, a contributor account, or an automated workflow rather than attacking your code directly. Moat scans for the controls that block those attacks: whether two-factor authentication is enforced org-wide, whether branch protection rules cover release branches, whether commits must be cryptographically signed, whether secret scanning and push protection are enabled, whether Dependabot alerts are on for vulnerable dependencies, and whether GitHub Actions workflows pin dependencies to specific commit hashes rather than mutable tags (a tag can be silently repointed at different code after a compromise; a commit hash cannot). To use it, install the binary via Homebrew or a prebuilt release, provide a GitHub token with read permissions, and run a single command with your org name, username, or repo slug; no configuration file is needed. Each check comes with a plain-English explanation of the risk, so the output is actionable for teams that want to understand the danger rather than only see pass/fail results. It targets open-source maintainers and engineering teams that want a quick audit of their GitHub security posture before a leaked token or compromised dependency becomes an incident.
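As an added illustration of the workflow-pinning check described above (this is not Moat's own code; the sample workflow, the action names and the SHA in it are constructed), a std-only Rust function that scans `uses:` lines and reports any reference that is not a full commit SHA:

```rust
// Added example, not Moat's code: flag GitHub Actions `uses:` references that
// point at a mutable tag or branch instead of an immutable 40-hex commit SHA.

#[derive(Debug, PartialEq)]
pub struct Finding {
    pub line: usize,       // 1-based line number in the workflow file
    pub action: String,    // e.g. "actions/checkout"
    pub reference: String, // the part after '@' (empty if there was none)
}

/// True when `reference` is a full 40-character hex commit SHA.
pub fn is_sha_pinned(reference: &str) -> bool {
    reference.len() == 40 && reference.chars().all(|c| c.is_ascii_hexdigit())
}

/// Walk the workflow text line by line and collect every `uses:` entry that is
/// not pinned to a commit SHA. Local actions (`./...`) and `docker://` images
/// are skipped because the SHA rule does not apply to them.
pub fn find_unpinned_actions(workflow: &str) -> Vec<Finding> {
    let mut findings = Vec::new();
    for (idx, raw) in workflow.lines().enumerate() {
        // Drop a trailing "# v4" style comment so it is not mistaken for the ref.
        let line = raw.split('#').next().unwrap_or("").trim();
        let rest = match line.strip_prefix("- uses:").or_else(|| line.strip_prefix("uses:")) {
            Some(r) => r.trim().trim_matches(|c: char| c == '"' || c == '\''),
            None => continue,
        };
        if rest.starts_with("./") || rest.starts_with("docker://") {
            continue;
        }
        let (action, reference) = match rest.split_once('@') {
            Some((a, r)) => (a.to_string(), r.to_string()),
            None => (rest.to_string(), String::new()), // no ref at all counts as unpinned
        };
        if !is_sha_pinned(&reference) {
            findings.push(Finding { line: idx + 1, action, reference });
        }
    }
    findings
}

// Constructed sample workflow: one tag pin, one SHA pin (constructed SHA),
// one local action, one docker image and one branch pin.
pub const SAMPLE_WORKFLOW: &str = "\
name: ci
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567 # v3
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.19
      - uses: some-org/some-action@main
";

fn main() {
    for f in find_unpinned_actions(SAMPLE_WORKFLOW) {
        println!("line {}: {} uses mutable ref '{}'", f.line, f.action, f.reference);
    }
}
```

Only the tag pin (`@v4`) and the branch pin (`@main`) are reported; the SHA-pinned, local and docker entries pass.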