checkip
gitleaks
| | checkip | gitleaks |
|---|---|---|
| Mentions | 14 | 34 |
| Stars | 202 | 15,075 |
| Growth | - | 3.3% |
| Activity | 4.4 | 8.2 |
| Latest commit | about 1 month ago | 2 days ago |
| Language | Go | Go |
| License | MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
checkip
-
CLI tool and library that checks an IP address
Did you come across an IP address, like from logs, and you have no idea what it is? checkip can help you.
I'm getting it here. And I'm using the net Go standard library package.
OK :-)
-
Check an IP address using various public services
checkip also uses Shodan. It gets the OS and ports from there.
I try to put only the most useful information in the output, like geolocation, OS and ports, and the company responsible for the autonomous system. And it quickly tells you whether the IP address is considered malicious. Also it's easy to add more Checkers (code that gives you information on an IP address). See https://github.com/jreisinger/checkip for more.
I wanted to add it to checkip but I can't call it from command line:
gitleaks
-
Go Security Scanner
Cool. What features/capabilities are different compared to gitleaks?
-
My boss keeps committing his creds into git
To add my anecdote, testing out Trufflehog versus Gitleaks and detect-secrets, the other tools seemed superior on detection rate and easier to work with.
-
any open source that checks security vulnerabilities in code?
Maybe https://github.com/gitleaks/gitleaks is what you are looking for
-
Securing the software supply chain in the cloud
Gitleaks
- How to deal with unintended information leakage when using GitHub as your GIT?
- GitHub Access Token Exposure
-
Thinking Like a Hacker: AWS Keys in Private Repos
It’s easy to think that it’s only important to scan for secrets in your public-facing repositories, but this real-world data breach proves that you need to treat all code the same from a security perspective. Malicious hackers can use open-source tools like Gitleaks and TruffleHog to quickly detect secrets in massive amounts of code, without leaving a trace. As a defender, **it’s extremely important to have secret scans tightly integrated into your SDLC** (software development lifecycle) to reduce the risks of exposing them. GitGuardian offers secret scanning for private repositories in their Free, Business, and Enterprise plans.
-
Toyota Accidentally Exposed a Secret Key Publicly on GitHub for Five Years
Good reminder to run Gitleaks[1] or Gitleaks-Action[2] on your repos
-
Implement DevSecOps to Secure your CI/CD pipeline
detect-secrets is an enterprise-friendly tool for detecting and preventing secrets in the code base. It can also scan files that are not tracked by git. There are other tools as well, like Gitleaks, which provide similar functionality.
What are some alternatives?
- trufflehog - Find and verify credentials
- trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
- git-secrets - Prevents you from committing secrets and credentials into git repositories
- pre-commit - A framework for managing and maintaining multi-language pre-commit hooks.
- husky - git hooks made easy
- semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
- sops - Simple and flexible tool for managing secrets
- git-all-secrets - A tool to capture all the git secrets by leveraging multiple open source git searching tools
- shhgit - Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories.
- bandit - Bandit is a tool designed to find common security issues in Python code.
- dockle - Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
- ggshield - Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.