♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI

Protect your secrets using Gitleaks-Action

Scan for secrets, endpoints, and other sensitive data after decompiling and deobfuscating Android files. (.apk, .xapk, .dex, .jar, .class, .smali, .zip, .aar, .arsc, .aab, .jadx.kts).

Examples of Custom Secret Scanning Patterns

GitHub Secret Scanning Auto Remediator (GSSAR)

collectvars collects JavaScript variables, highlights risky ones, and helps you understand code structure, while you casually browse.

All of our GitHub Actions rolled into one. Or as we like to say: One GitHub Action to rule them all!

A community-led project that aims to scan published Repls to find secrets and invalidate them.

A curated list of awesome GitHub Advanced Security secret scanning resources.

(in)secure git workshop 🔓+🔑 = 🔐

Testing Suite for GitHub Secret Scanning Custom Patterns

Secrets that were found by the Replit Token Scanner are dumped here for revocation.

Microsoft Teams notifier for Secret Scanning alerts from GitHub Advanced Security, using a GitHub App and Azure Function

A Python based gitleaks wrapped tool to enable scanning of multiple Gitlab repositories in parallel.

Slack notifier for Secret Scanning alerts from GitHub Advanced Security, using a GitHub App and Azure Function

A GitHub Action that maps GHAS alerts states between two repos. Useful when migrating repositories.

GHAS for Developers Course

Official TruffleHog Burp Suite Extension. Scan Burp Suite traffic for 800+ different types of secrets (API keys, passwords, SSH keys, etc) using TruffleHog.

GitHub Action to export GitHub security alerts

A script used to replicate the state of alerts between two identical secret scanning custom patterns set at different levels