Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
19 lines (16 sloc) 3.99 KB

Many tools exist to search a Git repository for potentially sensitive information. Each of these may have different capabilities and use different detection methods.

Here is a curated list of the secret detection tools we've come across:

Name URL Installs Pre-Commit Hook? Supported by watcher Description
detect-secrets https://github.com/Yelp/detect-secrets An enterprise friendly way of detecting and preventing secrets in code.
git-secrets https://github.com/awslabs/git-secrets Prevents you from committing secrets and credentials into git repositories
Talisman https://github.com/thoughtworks/talisman Talisman validates the outgoing changeset for things that look suspicious using pre-push Git hooks
truffleHog https://github.com/dxa4481/truffleHog Searches through git repositories for high entropy strings and secrets, digging deep into commit history
yar https://github.com/Furduhlutur/yar Yar is a tool for plunderin' organizations, users and/or repositories.
repo-supervisor https://github.com/auth0/repo-supervisor Scan your code for security misconfiguration, search for passwords and secrets. 🔍
gitleaks https://github.com/zricethezav/gitleaks Audit git repos for secrets 🔑
gitrob https://github.com/michenriksen/gitrob Reconnaissance tool for GitHub organizations
repo-security-scanner https://github.com/UKHomeOffice/repo-security-scanner CLI tool that finds secrets accidentally committed to a git repo, eg passwords, private keys
GitGot https://github.com/BishopFox/GitGot Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets.
shhgit https://github.com/eth0izzle/shhgit/ Shhgit finds secrets and sensitive files across GitHub code and Gists committed in near real time by listening to the GitHub Events API.
gitGraber https://github.com/hisxo/gitGraber Monitor GitHub to search and find sensitive data in real time for different online services.
You can’t perform that action at this time.