talisman
tartufo
Metric | talisman | tartufo
---|---|---
Mentions | 5 | 4
Stars | 1,836 | 389
Growth | 1.3% | 5.9%
Activity | 6.8 | 6.1
Latest commit | 19 days ago | 15 days ago
Language | Go | Python
License | MIT License | GNU General Public License v3.0 only
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
talisman
- Detecting Secrets in Git Repositories
It's been a while since I looked, but pre-commit hooks (like talisman) would be the only way to prevent secrets from being committed/pushed. Server-side hooks are generally not supported on hosted repos (e.g. github, azure devops) since it's basically arbitrary code execution from the host's perspective.
- Where have you had secrets leaked?
Isn't scanning for commits that contain secrets the better way? Best on server so secrets can't be pushed. Something like https://github.com/thoughtworks/talisman
- git push
- GitHub Access Token Exposure
https://thoughtworks.github.io/talisman/
- Regarding so-called key leaks, can they be avoided with a "review first, publish later" approach?
tartufo
- Show HN: Tartufo, the godaddy Git secrets linter
- GitHub Access Token Exposure
- Toyota Accidently Exposed a Secret Key Publicly on GitHub for Five Years
You could set up something like https://github.com/godaddy/tartufo in a pre-commit hook. Not sure if github has a way to hook into the push hooks on server side, they might though.
- Tartufo – effective finds secrets accidentally committed
What are some alternatives?
trufflehog - Find and verify secrets
deadshot - Deadshot is a Github pull request scanner to identify sensitive data being committed to a repository
husky - git hooks made easy
secrets - A command-line tool to prevent committing secret keys into your source code [Moved to: https://github.com/sirwart/ripsecrets]
git-secrets - Prevents you from committing secrets and credentials into git repositories
whispers - Identify hardcoded secrets in static structured text
Husky.Net - Git hooks made easy with Husky.Net internal task runner! 🐶 It brings the dev-dependency concept to the .NET world!
kscp - Kubernetes Secrets Control Plane
ggshield - Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
gitleaks - Protect and discover secrets using Gitleaks 🔑
detect-secrets - An enterprise friendly way of detecting and preventing secrets in code.
leaky-repo - Benchmarking repo for secrets scanning