talisman
Using a pre-commit hook, Talisman validates the outgoing changeset for things that look suspicious — such as tokens, passwords, and private keys. (by thoughtworks)
detect-secrets
An enterprise friendly way of detecting and preventing secrets in code. (by Yelp)
Our great sponsors
| talisman | detect-secrets | |
|---|---|---|
| 5 | 20 | |
| 1,836 | 3,469 | |
| 1.3% | 2.7% | |
| 6.8 | 8.1 | |
| 19 days ago | 17 days ago | |
| Go | Python | |
| MIT License | Apache License 2.0 |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
talisman
Posts with mentions or reviews of talisman.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-07-07.
-
Detecting Secrets in Git Repositories
It's been a while since I looked, but pre-commit hooks (like talisman) would be the only way to prevent secrets from being committed/pushed. Server-side hooks are generally not supported on hosted repos (e.g. github, azure devops) since it's basically arbitrary code execution from the host's perspective.
-
Where have you had secrets leaked?
Isn't scanning for commits that contain secrets the better way? Best on server so secrets can't be pushed. Something like https://github.com/thoughtworks/talisman
- git push
-
GitHub Access Token Exposure
https://thoughtworks.github.io/talisman/
- 关于所谓密钥泄露,是否可以使用“先审后发”的方式避免?
detect-secrets
Posts with mentions or reviews of detect-secrets.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2024-04-08.
- Rotz: Cross platform dotfile manager written in Rust
-
Detecting Secrets in Git Repositories
I searched a bit and found: https://github.com/Yelp/detect-secrets
-
My boss keeps committing his creds into git
To add my anecdote, testing out Trufflehog versus Gitleaks and detect-secrets the other tools seemed superior on detection rate and easier to work with.
-
"um": GPT-powered CLI Assistant
Respecting your privacy: To protect your sensitive data, um uses the excellent detect-secrets python library to remove passwords and tokens before indexing commands. Also our OpenAI account is opted out of collecting and using data for training the next versions of GPT.
- DataSurgeon: Quickly Extracts IP's, Email Addresses, Hashes, Files, URLs, Phone numbers and more from text
-
Protect yourself from accidentally leaking sensitive information
exclude: "^/migrations/" default_stages: [ commit, push ] default_language_version: python: python3 repos: - repo: https://github.com/Yelp/detect-secrets rev: v1.4.0 hooks: - id: detect-secrets name: Detect secrets language: python entry: detect-secrets-hook args: ['--baseline', '.secrets.baseline']
-
My setup for publishing to Dev.to using github
repos: - repo: https://github.com/pre-commit/pre-commit-hooks rev: v2.3.0 hooks: - id: check-yaml - id: end-of-file-fixer - id: trailing-whitespace - repo: https://github.com/Yelp/detect-secrets rev: v1.4.0 hooks: - id: detect-secrets - repo: https://github.com/igorshubovych/markdownlint-cli rev: v0.33.0 hooks: - id: markdownlint args: ["--disable=MD013"] # this removes line length warnings
-
Toyota Accidently Exposed a Secret Key Publicly on GitHub for Five Years
Yelp has a "detect-secrets" project that can detect potential secrets and can be used as a pre-commit hook: https://github.com/Yelp/detect-secrets
-
Implement DevSecOps to Secure your CI/CD pipeline
detect-secret is an enterprise-friendly tool for detecting and preventing secrets in the code base. We can also scan the non-git tracked files. There are other tools as well like Gitleaks which also provide similar functionality.
-
Enable secure access to secrets for AWS ECS containers using Terraform - ecs-secrets-manager module
As presented in the report, a lot of secrets are hardcoded in the Git repository. This can be detected by secret detection tools. There are OSS like https://github.com/Yelp/detect-secrets or SaaS alternatives. The detection process can be executed by every team member locally using Git Hooks and on Github using Github Checks on the Pull Request level.
What are some alternatives?
When comparing talisman and detect-secrets you can also consider the following projects:
trufflehog - Find and verify secrets
husky - git hooks made easy
semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
git-secrets - Prevents you from committing secrets and credentials into git repositories
snyk - Snyk CLI scans and monitors your projects for security vulnerabilities. [Moved to: https://github.com/snyk/cli]
Husky.Net - Git hooks made easy with Husky.Net internal task runner! 🐶 It brings the dev-dependency concept to the .NET world!
gitleaks - Protect and discover secrets using Gitleaks 🔑
ggshield - Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
truffleHogRegexes - These are the regexes that power truffleHog
simple-git-hooks - A simple git hooks manager for small projects
talisman vs trufflehog
detect-secrets vs trufflehog
talisman vs husky
detect-secrets vs semgrep
talisman vs git-secrets
detect-secrets vs snyk
talisman vs Husky.Net
detect-secrets vs gitleaks
talisman vs ggshield
detect-secrets vs truffleHogRegexes
talisman vs simple-git-hooks
detect-secrets vs ggshield