Detect IP address of GitHub commit

i’m the owner of a few corporate github repositories. Lately we have been suspicious of a developer who may be enlisting outsourced help through his borrowed github identity (many 4am commits in batches). Is there a way on to determine the source IP address of the committer? On the traffic page i can infer this info based on teh number of unique clones, but this is not enough data for us to validate our concerns.

Joe Anonymous

  • Finding merge commits which undo previous changes from one of the branches?
  • How to find out IP address of a given push event in Gitlab
  • What reporting is available for svn?
  • Deploy changed files using Git
  • Next Steps with Git: Establishing a Cohesive Work Flow
  • How do I make git block commits if user email isn't set?
  • How to have two remote origins for Git?
  • Where to place Git repository
  • Git flow track - already exists
  • One Solution collect form web for “Detect IP address of GitHub commit”

    If this “individual”, if I’m quoting your corporatese right, lets his subcontractors commit themselves to the official repo in his name without further precautions, then he is an idiot and deserves to be fired.

    In this case, you probably don’t even need the committer’s IP address. The commit itself contains some very useful data:

    git cat-file -p <suspicious-commit-id>

    Will show the entire commit object. It will contain two lines like this:

    author Foo Bar <> 1398017575 +0200
    committer Foo Bar <> 1398017575 +0200

    As you can see there is timezone info following the Unix-epoch timestamps. If you’re on the East Coast in the USA, you should see something like -0500. If the subcontractors are in India, you’ll see +0630 or something like that.

    The “individual” has probably more sense than that. So the subcontractors push to his repo, then he rewrites history and pushes to the official repo. In the latter case, good luck.

    Git Baby is a git and github fan, let's start git clone.