tartufo
secrets
Our great sponsors
tartufo | secrets | |
---|---|---|
4 | 1 | |
389 | 571 | |
5.9% | - | |
6.1 | 10.0 | |
15 days ago | over 1 year ago | |
Python | Rust | |
GNU General Public License v3.0 only | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
tartufo
- Show HN: Tartufo, the godaddy Git secrets linter
- GitHub Access Token Exposure
-
Toyota Accidently Exposed a Secret Key Publicly on GitHub for Five Years
You could set up something like https://github.com/godaddy/tartufo in a pre-commit hook. Not sure if github has a way to hook into the push hooks on server side, they might though.
- Tartufo – effective finds secrets accidentally committed
secrets
What are some alternatives?
deadshot - Deadshot is a Github pull request scanner to identify sensitive data being committed to a repository
talisman - Using a pre-commit hook, Talisman validates the outgoing changeset for things that look suspicious — such as tokens, passwords, and private keys.
whispers - Identify hardcoded secrets in static structured text
kscp - Kubernetes Secrets Control Plane
gitleaks - Protect and discover secrets using Gitleaks 🔑
leaky-repo - Benchmarking repo for secrets scanning
oxo - OXO is a security scanning orchestrator for the modern age.
Pathfinder - Search Strategy analysis and more for spatial navigation data in rodents
bandit - Bandit is a tool designed to find common security issues in Python code.
ggshield - Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
aws-sdk-for-php - (DEPRECATED) AWS SDK for PHP - Version 1. Version 3 is the latest:
gto - 🏷️ Git Tag Ops. Turn your Git repository into Artifact Registry or Model Registry.