Gitleaks Alternatives
Similar projects and alternatives to gitleaks
- trivy: Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
- SonarQube: Static code analysis for 29 languages. Your projects are multi-language. So is SonarQube analysis. Find Bugs, Vulnerabilities, Security Hotspots, and Code Smells so you can release quality code every time. Get started analyzing your projects today for free.
- pre-commit: A framework for managing and maintaining multi-language pre-commit hooks.
- git-all-secrets: A tool to capture all the git secrets by leveraging multiple open source git searching tools
- git-secrets: Prevents you from committing secrets and credentials into git repositories
- ggshield: Find and fix 350+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
- shhgit: Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories: www.shhgit.com
- semgrep: Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
- checkov: Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
- terrascan: Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
- detect-secrets: An enterprise friendly way of detecting and preventing secrets in code.
- kics: Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
- tartufo: Searches through git repositories for high entropy strings and secrets, digging deep into commit history
- dockle: Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
- draw.io: draw.io is a JavaScript, client-side editor for general diagramming and whiteboarding
gitleaks reviews and mentions
- Securing the software supply chain in the cloud
Gitleaks
- How to deal with unintended information leakage when using GitHub as your GIT?
- GitHub Access Token Exposure
- Thinking Like a Hacker: AWS Keys in Private Repos
It’s easy to think that it’s only important to scan for secrets in your public-facing repositories, but this real-world data breach proves that you need to treat all code the same from a security perspective. Malicious hackers can use open-source tools like Gitleaks and TruffleHog to quickly detect secrets in massive amounts of code, without leaving a trace. As a defender, it’s extremely important to have secret scans tightly integrated into your SDLC (software development lifecycle) to reduce the risks of exposing them. GitGuardian offers secret scanning for private repositories in their Free, Business, and Enterprise plans.
- Toyota Accidentally Exposed a Secret Key Publicly on GitHub for Five Years
Good reminder to run Gitleaks[1] or Gitleaks-Action[2] on your repos
- Implement DevSecOps to Secure your CI/CD pipeline
detect-secrets is an enterprise-friendly tool for detecting and preventing secrets in the code base. We can also scan the non-git-tracked files. There are other tools as well, like Gitleaks, which also provide similar functionality.
- Entitlement in Open Source
I recently tried my hand in commercializing my open source project, gitleaks (http://gitleaks.io). I'm keeping the core gitleaks project MIT but changed the gitleaks-action on GitHub to a commercial license. Revenue from the commercial license and maintenance agreements has netted me much more than donations I've received over the past couple of years. I encourage any open source maintainer to try and find a business model (plugin, dual license, enterprise support, etc.) for their project.
FWIW, here is a blog post explaining the rationale behind starting an LLC https://blog.gitleaks.io/gitleaks-llc-announcement-d7d06a52e...
- SHGA Shanghai Gov National Police Database Stolen
Assuming this unverified version of the story is true, the danger of accidentally leaking credentials in code is enormous and one of the reasons I continue to maintain and develop gitleaks. Those credentials[1] would have been caught by gitleaks' generic rule [2].
[1] https://regex101.com/r/CLg9TK/1
[2] https://github.com/zricethezav/gitleaks/blob/master/config/g...
More and more providers have been adding unique prefixes to their tokens and access keys, which makes detection much easier. E.g., GitLab adds `glpat-` to their PAT.
A project I maintain, Gitleaks, can easily detect "unique" secrets and does a pretty good job at detecting "generic" secrets too. In this case, the generic gitleaks rule would have caught the secrets [1]. You can see the full rule definition here [2] and how the rule is constructed here [3].
[1] https://regex101.com/r/CLg9TK/1
[2] https://github.com/zricethezav/gitleaks/blob/master/config/g...
[3] https://github.com/zricethezav/gitleaks/blob/master/cmd/gene...
Stats
zricethezav/gitleaks is an open source project licensed under MIT License which is an OSI approved license.