| | talisman | detect-secrets |
|---|---|---|
| | 5 | 23 |
| Stars | 1,918 | 3,842 |
| Growth | 0.4% | 1.2% |
| Activity | 6.6 | 8.1 |
| | 5 months ago | about 1 month ago |
| Language | Go | Python |
| License | MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
talisman
- Detecting Secrets in Git Repositories
It's been a while since I looked, but pre-commit hooks (like talisman) would be the only way to prevent secrets from being committed/pushed. Server-side hooks are generally not supported on hosted repos (e.g. github, azure devops) since it's basically arbitrary code execution from the host's perspective.
- Where have you had secrets leaked?
Isn't scanning for commits that contain secrets the better way? Best on server so secrets can't be pushed. Something like https://github.com/thoughtworks/talisman
- git push
- GitHub Access Token Exposure
https://thoughtworks.github.io/talisman/
- Regarding so-called key leaks, could a "review first, publish later" approach be used to avoid them?
detect-secrets
- Trying to do Larger contributions to Open Source
This project scans codebases for exposed secrets. There was a feature request (labelled as good first issue by the repo authors) to display the total number of secrets found after a scan. I added functionality to count and display the number of secrets in the terminal.
- Show HN: I built a tool that helps people scan and clean any repo for secrets
A similar tool is detect-secrets[1].
[1] https://github.com/Yelp/detect-secrets
- Firing Myself
- Rotz: Cross platform dotfile manager written in Rust
- Detecting Secrets in Git Repositories
I searched a bit and found: https://github.com/Yelp/detect-secrets
- My boss keeps committing his creds into git
To add my anecdote, testing out Trufflehog versus Gitleaks and detect-secrets the other tools seemed superior on detection rate and easier to work with.
- "um": GPT-powered CLI Assistant
Respecting your privacy: To protect your sensitive data, um uses the excellent detect-secrets python library to remove passwords and tokens before indexing commands. Also our OpenAI account is opted out of collecting and using data for training the next versions of GPT.
- DataSurgeon: Quickly Extracts IP's, Email Addresses, Hashes, Files, URLs, Phone numbers and more from text
- Protect yourself from accidentally leaking sensitive information

```yaml
exclude: "^/migrations/"
default_stages: [ commit, push ]
default_language_version:
  python: python3
repos:
  - repo: https://github.com/Yelp/detect-secrets
    rev: v1.4.0
    hooks:
      - id: detect-secrets
        name: Detect secrets
        language: python
        entry: detect-secrets-hook
        args: ['--baseline', '.secrets.baseline']
```
- My setup for publishing to Dev.to using github

```yaml
repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v2.3.0
    hooks:
      - id: check-yaml
      - id: end-of-file-fixer
      - id: trailing-whitespace
  - repo: https://github.com/Yelp/detect-secrets
    rev: v1.4.0
    hooks:
      - id: detect-secrets
  - repo: https://github.com/igorshubovych/markdownlint-cli
    rev: v0.33.0
    hooks:
      - id: markdownlint
        args: ["--disable=MD013"] # this removes line length warnings
```
What are some alternatives?
trufflehog - Find, verify, and analyze leaked credentials
husky - git hooks made easy
semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
git-secrets - Prevents you from committing secrets and credentials into git repositories
snyk - Snyk CLI scans and monitors your projects for security vulnerabilities. [Moved to: https://github.com/snyk/cli]
ggshield - Find and fix 400+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
gitleaks - Protect and discover secrets using Gitleaks 🔑
simple-git-hooks - A simple git hooks manager for small projects
truffleHogRegexes - These are the regexes that power truffleHog
foundryvtt-minuit - Foundry VTT game system for the French RPG "Contes de Minuit"
markdownlint-cli - MarkdownLint Command Line Interface