Skip to content

Releases: Rolex-1905/aysal-scan

v1.0.1 — First production release

Choose a tag to compare

@Rolex-1905 Rolex-1905 released this 20 Jun 02:54

First stable, fully-tested release of Aysal-Scan.

What it does

Scans git repos, staged changes, full git history, or any public GitHub URL for leaked secrets — then goes further than detection: calls the provider's API (read-only) to confirm the key is still active and enumerate exactly what it can access.

Highlights

  • 17+ secret types: AWS, GitHub, OpenAI, Stripe, Slack, Twilio, SendGrid, npm, PyPI, GCP, Azure, Heroku, Google, JWT, private keys, database URLs, and high-entropy fallback
  • AWS blast radius checks direct, inline, and group-attached IAM policies
  • SARIF 2.1.0 output with baseline suppression for GitHub Security tab
  • Interactive HTML report (collapsible, filterable, copy-to-clipboard)
  • GitHub Action + pre-commit hook support
  • 96 tests passing, 73% coverage

Fixed since the initial build

  • JWT tokens no longer produce duplicate findings from entropy-fallback fragment matching
  • Slack bot token regex now accepts real-world variable-length ID segments
  • Git history scans now respect AysalScanignore and apply the same skip rules as directory scans
  • Removed unused PyGithub dependency

Install

```bash
pip install aysal-scan
```

Full details in CHANGELOG.md.