
Many tools exist to search a Git repository for potentially sensitive information. Each of these may have different capabilities and use different detection methods.

Here is a curated list of the secret detection tools we've come across:

| Name | URL | Installs Pre-Commit Hook? | Supported by watcher | Description |
| --- | --- | --- | --- | --- |
| detect-secrets | | | | An enterprise friendly way of detecting and preventing secrets in code. |
| git-secrets | | | | Prevents you from committing secrets and credentials into git repositories |
| Talisman | | | | Talisman validates the outgoing changeset for things that look suspicious using pre-push Git hooks |
| truffleHog | | | | Searches through git repositories for high entropy strings and secrets, digging deep into commit history |
| yar | | | | Yar is a tool for plunderin' organizations, users and/or repositories. |
| repo-supervisor | | | | Scan your code for security misconfiguration, search for passwords and secrets. 🔍 |
| gitleaks | | | | Audit git repos for secrets 🔑 |
| gitrob | | | | Reconnaissance tool for GitHub organizations |
| repo-security-scanner | | | | CLI tool that finds secrets accidentally committed to a git repo, e.g. passwords, private keys |
| GitGot | | | | Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets. |
| shhgit | | | | Shhgit finds secrets and sensitive files across GitHub code and Gists committed in near real time by listening to the GitHub Events API. |
| gitGraber | | | | Monitor GitHub to search and find sensitive data in real time for different online services. |