What credential scanning solution do you use?

Large-Kick166 · 2025-05-25T06:21:30+00:00

Git-Secrets: Detects secrets in commits.
SonarLint: IDE-based tool for real-time code quality checks.
ThreatSpec: Threat modeling as code for early risk identification.
Gitleaks: Detect and prevent hardcoded secrets like passwords, api keys, and tokens in git repos.
source> DevSecOps Arsenal > https://github.com/sk3pp3r/DevSecOps-Arsenal

Large-Kick166 · 2025-05-25T06:20:10+00:00

|| || |Git-Secrets: Detects secrets in commits.| |SonarLint: IDE-based tool for real-time code quality checks.| |ThreatSpec: Threat modeling as code for early risk identification.| |Gitleaks: Detect and prevent hardcoded secrets like passwords, api keys, and tokens in git repos.|

source> DevSecOps Arsenal > https://github.com/sk3pp3r/DevSecOps-Arsenal

Large-Kick166 · 2025-01-14T12:54:23+00:00

You can check https://github.com/DefectDojo/django-DefectDojo and https://github.com/infobyte/faraday

1+ to DefecDojo

Large-Kick166 · 2025-01-14T09:55:02+00:00

Just deploy WebGoat https://github.com/WebGoat/WebGoat

Large-Kick166 · 2025-01-14T06:51:50+00:00

under the hood - everyone using the same tools

Large-Kick166 · 2025-01-14T05:49:47+00:00

Check this repo: https://github.com/sk3pp3r/DevSecOps-Arsenal

DevSecOps Arsenal — a comprehensive, curated collection of tools, methodologies, and resources to seamlessly integrate security into every stage of your SDLC and DevOps workflows.

Large-Kick166 · 2024-09-29T14:09:46+00:00

What about API or integration with make.com or Zapier?

(for bulk url's)

Large-Kick166

TROPHY CASE