🛡️ Enterprise sanitization for logs AND source code
Automatically detects and replaces sensitive information in log files and source code with anonymized tokens or safe placeholder values. Built for air-gapped environments with horizontal scaling, OIDC authentication, and Prometheus monitoring.
Named after the Catch-22 character who censored letters - Yossarian Go sanitizes your files so you can safely share them with external support teams, vendors, or customers.
For sharing logs with support teams and vendors:
- IP Addresses → `[IP-001]` with consistent mapping
- AD Accounts → USN format via LDAP
- JWT Tokens → `[JWT-REDACTED]`
- Private Keys → `[PRIVATE-KEY-REDACTED]`
- Passwords → `[PASSWORD-REDACTED]`
- Custom Terms → Admin-configured patterns
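
The consistent IP mapping and JWT redaction listed above, sketched as an added example (this is not Yossarian Go's own code). The regular expressions, the function name `SanitizeLines` and the sample log lines are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// Patterns are assumptions for this example, not the project's own rules.
var (
	ipv4RE = regexp.MustCompile(`\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b`)
	jwtRE  = regexp.MustCompile(`\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+`)
)

// SanitizeLines redacts JWTs and swaps each IPv4 address for a stable token.
// One map is shared across all lines, so the same address always gets the
// same [IP-nnn] token and cross-line correlation survives sanitization.
func SanitizeLines(lines []string) []string {
	tokens := map[string]string{}
	out := make([]string, len(lines))
	for i, line := range lines {
		line = jwtRE.ReplaceAllString(line, "[JWT-REDACTED]")
		out[i] = ipv4RE.ReplaceAllStringFunc(line, func(ip string) string {
			if _, seen := tokens[ip]; !seen {
				tokens[ip] = fmt.Sprintf("[IP-%03d]", len(tokens)+1)
			}
			return tokens[ip]
		})
	}
	return out
}

// Constructed sample log lines (not real data).
var sampleLog = []string{
	"2024-01-01T10:00:00Z login ok src=10.1.2.3 user=alice",
	"2024-01-01T10:00:05Z auth header: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhbGljZSJ9.c2lnbmF0dXJl",
	"2024-01-01T10:00:09Z conn 10.1.2.3 -> 172.16.0.9:443",
}

func main() {
	for _, l := range SanitizeLines(sampleLog) {
		fmt.Println(l)
	}
}
```

Because the token map is shared across lines, a support engineer reading the sanitized output can still see that the first and third lines involve the same host without learning its address.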
For sharing code with customers, vendors, or public repos:
- Internal URLs → `http://example.com` (preserves port/path)
- IP Addresses → `192.0.2.x` (RFC 5737 documentation range)
- API Keys → `[AWS-KEY-REDACTED]`, `[STRIPE-KEY-REDACTED]`, etc.
- Passwords → `CHANGE_ME_PASSWORD` (preserves JSON structure)
- Secrets → `[SECRET-REDACTED]`
- Coordinates → `0.0000, 0.0000`
- Supports: ZIP, tar.gz archives with structure preserved

```bash
helm install yossarian oci://ghcr.io/kofadam/charts/yossarian-go \
  --version 0.13.20 \
  --namespace yossarian-go \
  --create-namespace \
  --set ingress.host=yossarian.example.com
```

```bash
git clone https://github.com/kofadam/yossarian-go.git
cd yossarian-go
docker-compose up -d
open http://localhost:8080
```

- Split Architecture: Horizontally scalable frontend + workers
- MinIO Storage: Batch processing for large archives
- Air-Gap Ready: No external dependencies
- Enterprise SSO: OIDC/Keycloak integration
- API Key Auth: Stateless authentication for CI/CD pipelines
- Export Approval: Dual-attestation with ECDSA digital signatures
- Prometheus Metrics: Full observability with Grafana dashboards
| Document | Description |
|---|---|
| Helm Chart README | Installation and configuration |
| Code Scan Guide | Source code sanitization |
| API Integration Guide | REST API for automation |
| Distribution Tooling Guide | Air-gap deployment |
| Certificate Configuration | OIDC and LDAPS setup |
| Technical Architecture | System design |
- Single File: 3MB file with 35K patterns in 2.6 seconds
- Batch Processing: Archives processed asynchronously
- AD Lookup Caching: 23x performance boost (98%+ cache hit rate)
- ✅ Export Approval Workflow - Security officer review and approval before export
- ✅ Digital Signatures - ECDSA P-256 signed manifests for chain of custody verification
- ✅ Approval Queue UI - Dedicated panel for security officers with pending job review
- ✅ Verification Guide - OpenSSL-based signature verification for external recipients
- ✅ Public Key Export - Share verification keys with vendors and auditors
- ✅ Code Scan Feature - Sanitize source code with safe placeholder values
- ✅ Archive Support - ZIP and tar.gz batch processing for Code Scan
- ✅ Enhanced Secret Detection - AWS, Stripe, GitHub, Slack, OpenAI, SendGrid keys
- ✅ Generic Secrets - JWT_SECRET, api_secret, secret_key patterns
- ✅ Coordinate Sanitization - Decimal, DMS, Geo URI, and object formats
See CHANGELOG for complete version history.
MIT License - See LICENSE file for details
🛡️ Yossarian Go - Making logs and code safe to share