detect-secrets
shhgit
Our great sponsors
| detect-secrets | shhgit | |
|---|---|---|
| 1 | 7 | |
| 47 | 3,787 | |
| - | - | |
| 0.0 | 0.0 | |
| about 2 years ago | 8 months ago | |
| JavaScript | JavaScript | |
| Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
detect-secrets
-
Exposed company credentials in first week of internship
(sh)It happens. Make sure they understand that you have learned from your mistake and plan to make a meaningful effort to prevent this from happening again. Be super proactive, propose a new way to mitigate future leaks of sensitive info: https://github.com/lirantal/detect-secrets
shhgit
- Tencent WeChat is now a GitHub secret scanning partner
- Why do people use plain text for usernames and passwords on Github? A cautionary tale.
-
Searching across github
Shhgit is a really neat tool for this
- Around 50,000 GitHub credentials leaked as metadata inside commits
-
TruffleHog v3 β Detect and automatically verify over 600 credential types
There are a lot of secret detection tools out there. It probably is going to depend a lot on the specific features you care about. I personally really like shhgit[0] which is MIT licensed and is the tool I've found to most match my workflows.
[0]: https://github.com/eth0izzle/shhgit
-
My MetaMask Private Keys Stolen from GitHub Private Repo in 1 Hour
Assuming that the person you were working with didn't drain your wallet, there are many tools which can be used to actively monitor for commits being done on GitHub with secrets of sort.
The first one that comes to my mind is shhgit (https://github.com/eth0izzle/shhgit)
Anyone can self host it and then add multiple GitHub Dev keys to it. Then this can be used to monitor GitHub commits being done, majority of which can be categorized as "secrets".
- Ask HN: What are the best automated tools for keeping credentials out of GitHub?
What are some alternatives?
simple-git-hooks - A simple git hooks manager for small projects
git-secrets - Prevents you from committing secrets and credentials into git repositories
husky - Git hooks made easy πΆ woof!
trufflehog - Find and verify credentials
pre-commit-terraform - pre-commit git hooks to take care of Terraform configurations πΊπ¦
gitleaks - Protect and discover secrets using Gitleaks π
git-conventional-commits - Git Conventional Commits Util to generate Semantic Version and Markdown Change Log and Validate Commit Messag
opencti - Open Cyber Threat Intelligence Platform
talisman - Using a pre-commit hook, Talisman validates the outgoing changeset for things that look suspicious β such as tokens, passwords, and private keys.
automerge-action - GitHub action to automatically merge pull requests that are ready
OSINT-Framework - OSINT Framework
git-peek - git repo to local editor instantly