Detect Secrets

Features

Secrets Scanning - Identifies hard-coded credentials and sensitive information in source code using multiple detection strategies.
Secret Scanning Hooks - Intercepts pre-commit events to run secret scans and block commits with unbaselined secrets.
Secret Scanning Integrations - Integrates automated secret detection into continuous integration and deployment workflows.
Secret Baseline Generation - Creates a reference snapshot of known secrets to distinguish new leaks from pre-existing ones.
Detection Plugin Interfaces - Loads modular detection plugins at runtime, each implementing a distinct scanning strategy.
Secret Pattern Matching - Scans file contents against curated regular expressions designed to match common credential formats.
Plugin-Based Architectures - Loads modular detection plugins at runtime, each implementing a distinct scanning strategy.
Secret Classifiers - Applies a trained model to identify secret-like patterns using contextual features beyond regex.
Secret Detection Plugins - Loads user-defined secret detectors or filters to catch patterns not covered by the built-in rule set.
Secret Entropy Detectors - Measures string randomness to identify high-entropy tokens likely to be cryptographic keys or passwords.
Custom Detection Rules - Extends the scanner with custom detection logic for proprietary data formats or organization-specific patterns.
Audit & Remediation Workflows - Labels scan results as true or false positives and tracks the rotation of leaked credentials.
Regex-Based Exclusion Rules - Provides regex-based exclusion rules to reduce false positives during secret scanning.
False Positive Auditing - Records each detection verdict as a true or false positive entry for downstream remediation tracking.
Code Security - Prevents accidental commits of sensitive credentials and secrets.
Identity and Access Management - Detects and prevents secrets from being committed to code.
Identity and Privacy - CLI for auditing and preventing secrets in source code.
Secret Detection - Detects and prevents secrets from entering the codebase.
Secret Scanning - Prevents secrets from being committed by scanning diffs against regex patterns.
Secrets Scanning - Identifies potential secrets within a codebase using modular detection logic.
Security and Vulnerability Scanning - Prevents secrets from being committed to version control.

Open-source alternatives to Detect Secrets

Similar open-source projects, ranked by how many features they share with Detect Secrets.

zricethezav/gitleaks
zricethezav/gitleaks
27,739View on GitHub
Gitleaks is a static analysis security tool and secret detection engine designed to find hardcoded passwords, API keys, and authentication tokens. It functions as a Git secret scanner that analyzes both local file systems and Git commit history to prevent credential leaks. The tool distinguishes itself through a decoding pipeline that transforms base64 and hex strings into plaintext to find obfuscated secrets. It further reduces false positives using proximity-based validation and fingerprint-based suppression to filter out known or baseline findings. The system covers a broad range of detec
Go
View on GitHub27,739
awslabs/git-secrets
awslabs/git-secrets
13,177View on GitHub
Git-secrets is a security utility designed to prevent the accidental exposure of sensitive credentials by integrating automated scanning directly into the version control commit lifecycle. It functions as a commit scanner that evaluates staged files and commit messages against defined security policies before changes are finalized in a repository. The tool utilizes regular expression pattern matching to identify potential secrets and supports the registration of custom patterns to address specific organizational security requirements. To manage operational friction, it includes mechanisms for
Shell
View on GitHub13,177
deepfence/secretscanner
deepfence/SecretScanner
3,270View on GitHub
SecretScanner is a security tool designed to search filesystems and container images for unprotected passwords, API keys, and other sensitive data. It functions as a static secret detector and container image scanner that identifies hardcoded credentials by matching content against a database of known secret types. The tool inspects container image layers to find secrets hidden within the filesystem hierarchy and parses local directories and host-mounted paths. It provides the ability to export scan findings in machine-readable JSON format for automated analysis and processing. The scanning
Gocontainersdevsecopsdocker
View on GitHub3,270
securego/gosec
securego/gosec
8,866View on GitHub
gosec is a static analysis security tool designed to scan Go source code for vulnerabilities and common coding flaws. It functions as a security analyzer that inspects the abstract syntax tree to identify insecure function calls, API usage, and potential security risks. The tool distinguishes itself by mapping detected vulnerabilities to Common Weakness Enumeration identifiers for standardized reporting and integrating with external AI models to suggest code fixes for identified issues. Its capabilities cover the detection of injection vulnerabilities, hardcoded credentials, weak cryptograph
Go
View on GitHub8,866

See all 30 alternatives to Detect Secrets

Yelpdetect-secrets

Features

Open-source alternatives to Detect Secrets

zricethezav/gitleaks

awslabs/git-secrets

deepfence/SecretScanner

securego/gosec

Star history

Open-source alternatives to Detect Secrets

zricethezav/gitleaks

awslabs/git-secrets

deepfence/SecretScanner

securego/gosec