Our great sponsors
-
shhgit
Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
https://docs.github.com/en/code-security/secret-scanning/sec...
A bit sad, they don't publish the list of regexes, etc.
--------------
I added a similar thing to the package manager for Dart / Flutter, because we saw users accidentally publishing secrets. That code is public, it relies on regexes and entropy estimation:
https://github.com/dart-lang/pub/blob/eb8ee21a089ebe0f2c2dd8...
It was heavily inspired by the researchers in:
NOTE:
The number of mentions on this list indicates mentions on common posts plus user suggested alternatives.
Hence, a higher number means a more popular project.
Related posts
- Why do people use plain text for usernames and passwords on Github? A cautionary tale.
- Searching across github
- My MetaMask Private Keys Stolen from GitHub Private Repo in 1 Hour
- Report - Credentials in public GitHub repositories increase 20% during 2020
- Any tips on efficiently evaluating a huge list of subdomains for a PenTest?