This small bash script will scan for leaked Access Keys or Secret Keys in a folder.
Just provide the folder to scan (recursively): Example
./scan.sh FOLDER_PATH
- Skip binary files
- Search for:
- Access Keys (20 capital alphanumeric random string)
- Secret Keys (40 capital alphanumeric random string)
- Special Access Keys are ignored:
ABCDEFGHIJ01234567890123456789ABCDEFGHIJ
- Access Keys withs less than 3 digits or less than 3 capital alphabetic characters are ignored.
- Secret Keys with less than 5 digits or less than 5 capital alphabetic characters are ignored.
Feel free to open an issue for discussion.
./tests/tests.sh to run tests.
This Github action allows you to scan for leaked credentials. See action.yml
| Parameter | Description | Required | Default |
|---|---|---|---|
scan_path |
Folder to scan | true |
"./" |
N/A
- Create workflow folder:
mkdir -p .github/workflows - Add new workflow
.github/workflows/cred-scan.yml:
name: Credential Scanner
on:
pull_request:
branches: [ master ]
jobs:
cred-scan:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
- name: Scan credentials
uses: outscale-dev/cred-scan@main
with:
scan_path: "./"Copyright Outscale SAS
BSD-3-Clause
LICENSE folder contain raw licenses terms following spdx naming.
You can check which license apply to which copyright owner through .reuse/dep5 specification.
You can test reuse compliance by running:
docker run --rm --volume $(pwd):/data fsfe/reuse:0.11.1 lint