Secrets Scanning
Ensuring you don't leak secrets that bad actors can use
About
Source control is not a secure place to store secrets such as credentials, API keys or tokens, even if the repo is private. Secrets scanning tools can scan and monitor git repositories and pull requests for secrets, and can be used to prevent secrets from being committed, or to find and remove secrets that have already been committed to source control. [1]
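To make the "prevent secrets from being committed" part concrete, below is a small pre-commit-style scanner. It is an added example written for this page, not code from the page or from any of the tools listed under Tools / Solutions / Products. It scans only the lines a unified diff adds, the view a commit hook has, and combines two heuristics that real scanners layer together: fixed-format patterns for publicly documented token shapes (AWS access key IDs beginning with AKIA, GitHub classic tokens beginning with ghp_, PEM private-key headers) and a Shannon-entropy check on long values assigned to credential-like names. The regexes, the entropy threshold and the sample diff are assumptions constructed for the example; AKIAIOSFODNN7EXAMPLE is the placeholder access key ID used in AWS documentation, and every other value is made up.

```python
"""Toy secrets scanner for staged diffs (pre-commit style).

Added example, not code from this page or from any tool it lists. It scans
only lines a unified diff ADDS, which is exactly what a commit hook sees.
"""
from __future__ import annotations

import math
import re
import sys
from collections import Counter
from dataclasses import dataclass
from typing import Iterator

# Fixed-format patterns for publicly documented token shapes (assumption:
# regexes written for this example, not taken from any scanner).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
# name = "value" where the name suggests a credential and the value is 20+ token chars.
ASSIGNMENT = re.compile(
    r"""(?i)(password|passwd|secret|token|api[_-]?key)\s*[:=]\s*['"]?([A-Za-z0-9+/=_\-]{20,})"""
)
ENTROPY_THRESHOLD = 4.0  # bits per character: random keys sit well above, words below
HUNK_HEADER = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


@dataclass(frozen=True)
class Finding:
    path: str
    line_no: int  # line number in the NEW version of the file
    kind: str
    value: str


def shannon_entropy(s: str) -> float:
    """Shannon entropy in bits per character (log2 of the alphabet size when all chars differ)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan_line(text: str) -> list[tuple[str, str]]:
    """Return (kind, value) hits for one line; fixed patterns take precedence over entropy."""
    hits, seen = [], set()
    for kind, rx in PATTERNS.items():
        for m in rx.finditer(text):
            hits.append((kind, m.group(0)))
            seen.add(m.group(0))
    for m in ASSIGNMENT.finditer(text):
        name, value = m.group(1).lower(), m.group(2)
        if value not in seen and shannon_entropy(value) >= ENTROPY_THRESHOLD:
            hits.append((f"high_entropy_{name}", value))
    return hits


def added_lines(diff_text: str) -> Iterator[tuple[str, int, str]]:
    """Yield (path, new_line_no, text) for every line a unified diff adds."""
    path, new_no = "", 0
    for raw in diff_text.splitlines():
        if raw.startswith("--- "):
            continue
        if raw.startswith("+++ "):
            path = raw[4:]
            path = path[2:] if path.startswith("b/") else path
            continue
        m = HUNK_HEADER.match(raw)
        if m:
            new_no = int(m.group(1))
            continue
        if raw.startswith("+"):
            yield path, new_no, raw[1:]
        if raw.startswith((" ", "+")):  # removed lines do not advance the new file
            new_no += 1


def scan_diff(diff_text: str) -> list[Finding]:
    """Scan the added lines of a unified diff and return every finding."""
    return [Finding(path, no, kind, value)
            for path, no, text in added_lines(diff_text)
            for kind, value in scan_line(text)]


# Constructed sample: a staged change that hard-codes credentials. AKIAIOSFODNN7EXAMPLE
# is the placeholder access key ID from AWS documentation; the rest is made up.
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -1,3 +1,7 @@
 import os
-DB_PASSWORD = os.environ["DB_PASSWORD"]
+DB_PASSWORD = "changeme"
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+API_KEY = "q7Zp2mX9vLk4Rt8wN3bYh6Jd"
+GITHUB_TOKEN = "ghp_0123456789abcdefghijABCDEFGHIJ012345"
+KEY_HEADER = "-----BEGIN RSA PRIVATE KEY-----"
 DEBUG = False
"""


def main() -> int:
    """Pre-commit semantics: report findings and return 1 to block the commit if any exist."""
    diff = sys.stdin.read() if len(sys.argv) > 1 and sys.argv[1] == "-" else SAMPLE_DIFF
    findings = scan_diff(diff)
    for f in findings:
        print(f"{f.path}:{f.line_no}: {f.kind}: {f.value[:8]}...")  # never echo the whole secret
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main())
```

Wired into a hook as `git diff --cached -U0 | python scan.py -`, a non-zero exit stops the commit. On the sample diff it reports four findings (the AWS key ID, the high-entropy API key, the GitHub token and the private-key header) and correctly ignores the `"changeme"` placeholder. Two limits a practitioner should expect from any heuristic of this kind: the entropy check misses dictionary-word passphrases (`correcthorsebatterystaple` scores about 3.4 bits per character, below the threshold), and a hook only sees new additions, so anything already in history needs a full-history scan and rotation rather than just removal.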
Tools / Solutions / Products
TruffleSecurity Trufflehog (web): find and verify credentials.
Deepfence SecretScanner: find secrets and passwords in container images and file systems.
TruffleSecurity Driftwood: a tool that lets you look up whether a private key is used for things like TLS or as a GitHub SSH key for a user.
stacs: a YARA powered static credential scanner which supports binary file formats, analysis of nested archives, composable rulesets and ignore lists, and SARIF reporting.
git-hound: Reconnaissance tool for GitHub code search. Scans for exposed API keys across all of GitHub, not just known repos.
AWS Labs git-secrets: prevents you from committing secrets and credentials into git repositories.
Yelp detect-secrets: An enterprise friendly way of detecting and preventing secrets in code.
Auth0 Repo-supervisor: a tool that helps you to detect secrets and passwords in your code.
GitGuardian: secure your software development lifecycle with enterprise-grade secrets detection. Eliminate blind spots with our automated, battle-tested detection engine.
Nightfall: discover, classify, and remove secrets and keys to protect your organization and maintain compliance.
Spectral: monitor, classify, and protect your code, assets, and infrastructure for exposed API keys, tokens, credentials, and high-risk security misconfigurations in a simple way, without noise.