Releases: Rolex-1905/aysal-scan
Releases · Rolex-1905/aysal-scan
Release list
v1.0.1 — First production release
First stable, fully-tested release of Aysal-Scan.
What it does
Scans git repos, staged changes, full git history, or any public GitHub URL for leaked secrets — then goes further than detection: calls the provider's API (read-only) to confirm the key is still active and enumerate exactly what it can access.
Highlights
- 17+ secret types: AWS, GitHub, OpenAI, Stripe, Slack, Twilio, SendGrid, npm, PyPI, GCP, Azure, Heroku, Google, JWT, private keys, database URLs, and high-entropy fallback
- AWS blast radius checks direct, inline, and group-attached IAM policies
- SARIF 2.1.0 output with baseline suppression for GitHub Security tab
- Interactive HTML report (collapsible, filterable, copy-to-clipboard)
- GitHub Action + pre-commit hook support
- 96 tests passing, 73% coverage
Fixed since the initial build
- JWT tokens no longer produce duplicate findings from entropy-fallback fragment matching
- Slack bot token regex now accepts real-world variable-length ID segments
- Git history scans now respect
AysalScanignoreand apply the same skip rules as directory scans - Removed unused
PyGithubdependency
Install
```bash
pip install aysal-scan
```
Full details in CHANGELOG.md.