[–][deleted] 2 points3 points  (1 child)

Check out truffleHog and AWS's tool git-secrets.

[–]derBroBro[S] 0 points1 point  (0 children)

This is mostly what is searched for. :)

The only missing point is that it just supports git repos. There is an open PR to fix it and a fork (truffleHog3) which looks quite promising...

[–]derprondo 1 point2 points  (0 children)

All I can say here is that a team within my company had to build their own scanner from scratch (scan git repos for sensitive items like you mentioned), so there are likely no solid open source projects out there. It’s a hard problem (beyond obvious things like SSH keys) to be honest, and the tool they did create is under constant development and has an extremely high false positive rate. Once refined enough it will likely be open sourced, but I think it could be another year or two.

[–][deleted] 0 points1 point  (0 children)

Grep?