whispers
tartufo
Our great sponsors
whispers | tartufo | |
---|---|---|
2 | 4 | |
463 | 389 | |
- | 5.9% | |
0.0 | 6.1 | |
7 months ago | 14 days ago | |
Python | Python | |
Apache License 2.0 | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
whispers
-
I made an app that lets you search all your apps and files at once
Something like https://github.com/Skyscanner/whispers
- Skyscanner/whispers - Identify hardcoded secrets and dangerous behaviours
tartufo
- Show HN: Tartufo, the godaddy Git secrets linter
- GitHub Access Token Exposure
-
Toyota Accidently Exposed a Secret Key Publicly on GitHub for Five Years
You could set up something like https://github.com/godaddy/tartufo in a pre-commit hook. Not sure if github has a way to hook into the push hooks on server side, they might though.
- Tartufo – effective finds secrets accidentally committed
What are some alternatives?
ggshield - Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
deadshot - Deadshot is a Github pull request scanner to identify sensitive data being committed to a repository
repo-supervisor - Scan your code for security misconfiguration, search for passwords and secrets. :mag:
secrets - A command-line tool to prevent committing secret keys into your source code [Moved to: https://github.com/sirwart/ripsecrets]
kscp - Kubernetes Secrets Control Plane
ssh-crypt - This tool helps you to keep passwords inside your shell scripts safely
gitleaks - Protect and discover secrets using Gitleaks 🔑
leaky-repo - Benchmarking repo for secrets scanning
yaml.el - YAML parser in Elisp
oxo - OXO is a security scanning orchestrator for the modern age.