Thinking Like a Hacker: AWS Keys in Private Repos

This page summarizes the projects mentioned and recommended in the original post on dev.to.

  1. gitleaks

    Find secrets with Gitleaks 🔑

    It’s easy to think that it’s only important to scan for secrets in your public-facing repositories, but this real-world data breach proves that you need to treat all code the same from a security perspective. Malicious hackers can use open-source tools like Gitleaks and TruffleHog to quickly detect secrets in massive amounts of code, without leaving a trace. As a defender, it’s extremely important to have secret scans tightly integrated into your SDLC (software development lifecycle) to reduce the risks of exposing them. GitGuardian offers secret scanning for private repositories in their Free, Business, and Enterprise plans.

  2. CodeRabbit

    CodeRabbit: AI Code Reviews for Developers. Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.

  3. trufflehog

    Find, verify, and analyze leaked credentials

    It’s easy to think that it’s only important to scan for secrets in your public-facing repositories, but this real-world data breach proves that you need to treat all code the same from a security perspective. Malicious hackers can use open-source tools like Gitleaks and TruffleHog to quickly detect secrets in massive amounts of code, without leaving a trace. As a defender, it’s extremely important to have secret scans tightly integrated into your SDLC (software development lifecycle) to reduce the risks of exposing them. GitGuardian offers secret scanning for private repositories in their Free, Business, and Enterprise plans.

  4. ggcanary

    GitGuardian Canary Tokens

    GitGuardian has also recently introduced an open-source tool that defenders can add to their arsenal, ggcanary – the GitGuardian Canary Tokens. Security engineers should use it to plant fake AWS secrets in their internal perimeter (private repositories, CI pipelines, Jira tickets, etc.) to detect intrusion as soon as hackers attempt to exploit them.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.


Related posts

  • Toyota Accidently Exposed a Secret Key Publicly on GitHub for Five Years

    10 projects | news.ycombinator.com | 13 Oct 2022
  • My boss keeps committing his creds into git

    6 projects | /r/devops | 24 May 2023
  • Nosey Parker: a new scanner to find misplaced secrets in textual data and Git history

    4 projects | /r/netsec | 8 Dec 2022
  • GitHub Access Token Exposure

    6 projects | news.ycombinator.com | 20 Nov 2022
  • What are the best tools for Advanced Security Scans similar to GitHub Enterprise

    2 projects | /r/devops | 15 Aug 2022
