secretlint VS git-secrets

Compare secretlint vs git-secrets and see what are their differences.

secretlint

Pluggable linting tool to prevent committing credential. (by secretlint)

git-secrets

Prevents you from committing secrets and credentials into git repositories (by awslabs)
Our great sponsors
  • SurveyJS - Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
secretlint git-secrets
6 32
690 11,938
4.1% 1.3%
9.4 1.3
6 days ago 18 days ago
TypeScript Shell
MIT License Apache License 2.0
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

secretlint

Posts with mentions or reviews of secretlint. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-01-03.
  • Secretlint 6: masking API tokens in .bash_history and .zsh_history
    4 projects | dev.to | 3 Jan 2023
    In most cases, you can't automatically fix any confidential information you find, but I've noticed that it's OK to automatically remove or mask any confidential information that has been left in .bash_history or .zsh_history. To automatically modify API tokens left in history files, Secretlint v6 adds a --format=mask-result formatter .
  • My GitHub Sponsors Revenue @ 2022
    5 projects | dev.to | 31 Dec 2022
    Software development: textlint, Secretlint, HonKit and other development and maintenance.
  • Looking Back on Two Years of GitHub Sponsors
    7 projects | dev.to | 28 Oct 2021
    Continuously committed repositories include JSer.info, textlint, and JavaScript Primer, etc. On the other hand, the newly created ones after the launch of GitHub Sponsors include philan.net, HonKit, Secretlint, etc.
  • secretlint v3.0 support GitHub token detection!
    3 projects | dev.to | 29 May 2021
    You can setup pre-commit Hook per project or pre-commit Hook globally. This git's pre-commit prevent you to commit your credentials like GitHub Token, SSH key, AWS crendentials.

git-secrets

Posts with mentions or reviews of git-secrets. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-05-02.

What are some alternatives?

When comparing secretlint and git-secrets you can also consider the following projects:

trufflehog - Find and verify credentials

gitleaks - Protect and discover secrets using Gitleaks 🔑

shhgit - Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories.

aws-vault - A vault for securely storing and accessing AWS credentials in development environments

SecretFinder - SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files

semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

repo-supervisor - Scan your code for security misconfiguration, search for passwords and secrets. :mag:

dmca - Repository with text of DMCA takedown notices as received. GitHub does not endorse or adopt any assertion contained in the following notices. Users identified in the notices are presumed innocent until proven guilty. Additional information about our DMCA policy can be found at

oslint - Open-Source Good Practices Analysis

ripsecrets - A command-line tool to prevent committing secret keys into your source code

ggshield - Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.

talisman - Using a pre-commit hook, Talisman validates the outgoing changeset for things that look suspicious — such as tokens, passwords, and private keys.