When URL is github.com it uses GITHUB_TOKEN token, and if gitlab.com uses GITLAB_TOKEN token
OR
Have one generic GIT_AUTH_TOKEN used for authentications (with warning its always used for all connections)
OR
Provide GIT_AUTH_TOKEN array and all tokens be checked/matched for access
Actual Behavior
Regardless of URL if GITHUB_TOKEN is set its always used, always auth is returned.
Set dummy/real GITHUB_TOKEN ( export GITHUB_TOKEN="ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx")
Set real GITLAB_TOKEN ( export GITLAB_TOKEN="glpat-xxxxxxxxxxxxxxxxxxxx" )
Run remote repo scanning in trivy or any other tool using this library ( trivy repo https://gitlab.com/private-organization/private-repo or trivy repo https://gitlab.com/gitlab-org/gitlab )
Expected Behavior
When URL is
github.com
it usesGITHUB_TOKEN
token, and ifgitlab.com
usesGITLAB_TOKEN
token OR Have one genericGIT_AUTH_TOKEN
used for authentications (with warning its always used for all connections) OR ProvideGIT_AUTH_TOKEN
array and all tokens be checked/matched for accessActual Behavior
Regardless of URL if
GITHUB_TOKEN
is set its always used, always auth is returned.https://github.com/aquasecurity/fanal/blob/f400923828e8f96e0b02b7e6098b4715826c018c/artifact/remote/git.go#L111-L132
Steps to Reproduce the Problem
GITHUB_TOKEN
(export GITHUB_TOKEN="ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
)GITLAB_TOKEN
(export GITLAB_TOKEN="glpat-xxxxxxxxxxxxxxxxxxxx"
)trivy repo https://gitlab.com/private-organization/private-repo
ortrivy repo https://gitlab.com/gitlab-org/gitlab
)git error: authentication required
Specifications