As we analyzed .js files, similarly we have to use github dorks to analyze all the repositories related to the company.

If we get some developers working in that company we can follow them to see there work and report if we get anything fishy.

Use github dorks for finding API or any secrets.

CLI Tools:

• GitDorker python tool
• gitGraber python tool
• trufflehog