cml_dvc_case VS leaky-repo

Compare cml_dvc_case vs leaky-repo and see what are their differences.

Our great sponsors
  • Sonar - Write Clean Python Code. Always.
  • InfluxDB - Access the most powerful time series database as a service
  • SaaSHub - Software Alternatives and Reviews
cml_dvc_case leaky-repo
1 2
17 201
- -
0.0 10.0
about 2 months ago about 1 month ago
Python Python
- MIT License
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.


Posts with mentions or reviews of cml_dvc_case. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-12-08.


Posts with mentions or reviews of leaky-repo. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-12-08.
  • Nosey Parker: a new scanner to find misplaced secrets in textual data and Git history
    4 projects | /r/netsec | 8 Dec 2022
    Also, I've built a repo of credentials and benchmarked several tools including trufflehog against it if you want to see how your tool and default ruleset stack up:
  • Discover Hidden Secrets in Git Repos with Rust
    3 projects | | 8 Nov 2021
    At this point, we've succeeded at what we set out to create. I went ahead and scanned common testing repositories for this sort of thing like Plazmaz/leaky-repo and dijininja/leakyrepo. In general the program found all or most of the secrets. In the case of dijininja/leakyrepo it found a lot of RSA private keys which is acceptable but technically a misidentification. For Plazmaz/leaky-repo we find the majority of the keys although once again misidentify some. The decision to use rust makes performance really solid although still a little slow even for small repos. A couple good extensions to this to help with that could be adding a thread pool in order to scan objects in parallel. In more professional code, it seems more idiomatic for the scan_objects() function to return some objects of objects including their results rather than just printing the one containing secrets. For example, it could be formatted something like this:

What are some alternatives?

When comparing cml_dvc_case and leaky-repo you can also consider the following projects:

leakyrepo - A repo which contains lots of things which it shouldn't

JAZ - Find secrets hidden in commits

whispers - Identify hardcoded secrets in static structured text

deadshot - Deadshot is a Github pull request scanner to identify sensitive data being committed to a repository

betterscan-ce - Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)

knob - Key Negotiation Of Bluetooth (KNOB) attacks on Bluetooth BR/EDR and BLE [CVE-2019-9506]

tartufo - Searches through git repositories for high entropy strings and secrets, digging deep into commit history

Reconnoitre - A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.