# deepfence/secretscanner

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/deepfence-secretscanner).**

3,270 stars · 342 forks · Go · MIT

## Links

- GitHub: https://github.com/deepfence/SecretScanner
- Homepage: https://deepfence.io
- awesome-repositories: https://awesome-repositories.com/repository/deepfence-secretscanner.md

## Topics

`containers` `devsecops` `docker` `hacktoberfest` `infosectools` `k8s` `kubernetes` `password` `scanning-tool` `secret-keys` `secrets` `secrets-detection` `secrets-management` `security` `security-tools` `vulnerability-scanners`

## Description

SecretScanner is a security tool designed to search filesystems and container images for unprotected passwords, API keys, and other sensitive data. It functions as a static secret detector and container image scanner that identifies hardcoded credentials by matching content against a database of known secret types.

The tool inspects container image layers to find secrets hidden within the filesystem hierarchy and parses local directories and host-mounted paths. It provides the ability to export scan findings in machine-readable JSON format for automated analysis and processing.

The scanning engine utilizes pattern-based string matching and multi-threaded file traversal to process data. Users can adjust scan parameters such as thread counts, file size limits, and path exclusions to manage the scope and performance of the search.

## Tags

### Security & Cryptography

- [Secret Detection](https://awesome-repositories.com/f/security-cryptography/secret-detection.md) — Identifies and prevents the exposure of sensitive credentials across files and container images.
- [Secrets Scanning](https://awesome-repositories.com/f/security-cryptography/secrets-scanning.md) — Provides a security tool for detecting hardcoded credentials and sensitive data across filesystems and container image layers. ([source](https://threatmapper.org/docs/secretscanner/))
- [Container Security Scanners](https://awesome-repositories.com/f/security-cryptography/container-security-scanners.md) — Inspects container image layers to identify hardcoded secrets and sensitive credentials.
- [Pattern Matching Detectors](https://awesome-repositories.com/f/security-cryptography/entropy-analysis/secret-entropy-detectors/pattern-matching-detectors.md) — Implements static analysis of local files and directories using pattern-based string matching to identify sensitive data.
- [Filesystem Scanning](https://awesome-repositories.com/f/security-cryptography/local-repository-secret-scanning/filesystem-scanning.md) — Parses directories and host-mounted paths to identify secrets stored in files on the local machine. ([source](https://threatmapper.org/docs/secretscanner/configure/cli))
- [Sensitive File Discovery](https://awesome-repositories.com/f/security-cryptography/security/policies/host-resource-access/file-system-access-controls/sensitive-file-protections/sensitive-file-discovery.md) — Actively enumerates local directories and host systems to locate unprotected secrets.
- [Secret Scanning](https://awesome-repositories.com/f/security-cryptography/vulnerability-scanning/container-image-vulnerability-scanners/secret-scanning.md) — Searches pulled container images for unprotected secrets by matching contents against a database of known sensitive data types. ([source](https://threatmapper.org/docs/secretscanner/configure/cli))
- [Machine-Readable Vulnerability Exports](https://awesome-repositories.com/f/security-cryptography/machine-readable-vulnerability-exports.md) — Outputs security scan findings in structured JSON format to facilitate automated processing. ([source](https://threatmapper.org/docs/secretscanner/quickstart))

### Development Tools & Productivity

- [Credential Auditing](https://awesome-repositories.com/f/development-tools-productivity/package-managers/dependency/sbom-generators/container-image-scanning/credential-auditing.md) — Scans Docker and OCI images for hardcoded credentials before deployment to production.

### DevOps & Infrastructure

- [Secret Detection](https://awesome-repositories.com/f/devops-infrastructure/containerization/image-inspection/container-image-analyzers/secret-detection.md) — Scans container images specifically for the presence of sensitive credentials. ([source](https://cdn.jsdelivr.net/gh/deepfence/secretscanner@release-2.5/README.md))
- [Layer Inspection](https://awesome-repositories.com/f/devops-infrastructure/layered-filesystems/layer-inspection.md) — Deconstructs pulled container images into their constituent layers to scan for secrets hidden within the filesystem hierarchy.

### Software Engineering & Architecture

- [Secret Pattern Matching](https://awesome-repositories.com/f/software-engineering-architecture/pattern-matching-libraries/regex-pattern-matchers/secret-pattern-matching.md) — Uses regular expressions to identify specific formats of sensitive credentials like API keys and passwords.

### Part of an Awesome List

- [DevSecOps and Automation](https://awesome-repositories.com/f/awesome-lists/devops/devsecops-and-automation.md) — Automates the discovery of sensitive data in filesystems and images as part of security standards in development.
- [Container and Cluster Security](https://awesome-repositories.com/f/awesome-lists/security/container-and-cluster-security.md) — Scanner for detecting unprotected secrets and keys in containers.
- [Vulnerability Scanning](https://awesome-repositories.com/f/awesome-lists/security/vulnerability-scanning.md) — Tool for finding secrets in container images and filesystems.

### Data & Databases

- [Scan Result Exporters](https://awesome-repositories.com/f/data-databases/data-serialization-formats/data-formats/output-format-rendering/scan-result-exporters.md) — Writes identified secrets to specified output formats like JSON or tables for downstream analysis. ([source](https://threatmapper.org/docs/secretscanner/configure/cli))
