# Secrets Scanner
Continuously scan repositories and local environments for exposed credentials before they reach production or public history.
## Problem
Accidental secret leaks happen quickly and can remain unnoticed long enough to be exploited.
## Core capabilities
- Detect API keys, tokens, and private keys with pattern and entropy checks.
- Scan commits, pull requests, and working directories.
- Trigger rotation workflows and incident checklists on detection.
- Suppress known false positives through scoped allow rules.
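
The detection pipeline described above (pattern rules, an entropy check for unstructured tokens, and allow rules scoped to a path) as an added illustration; this is example code written for this README, not the project's implementation. The pattern set, the entropy threshold of 4.0 bits per character, the `AllowRule` shape and the sample files are all assumptions constructed for the demo; the only real-looking value is the AWS access key ID from AWS's own documentation example.

```python
"""Minimal secrets scanner: pattern rules + entropy check + scoped allow rules.

Example code for illustration; not the project's own implementation.
"""
import fnmatch
import math
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Hypothetical rule set; a production scanner carries many more formats.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"),
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}

# Candidates for the entropy check: long runs of base64/hex-ish characters.
CANDIDATE = re.compile(r"[A-Za-z0-9+/=_\-]{20,}")
ENTROPY_THRESHOLD = 4.0  # bits per character; assumed tunable knob


@dataclass(frozen=True)
class Finding:
    path: str
    line_no: int
    rule: str
    match: str


@dataclass(frozen=True)
class AllowRule:
    """Suppress a finding only when BOTH the path glob and the regex match."""
    path_glob: str
    pattern: str


def shannon_entropy(s: str) -> float:
    """Shannon entropy in bits per character (0.0 for a constant string)."""
    if not s:
        return 0.0
    counts: Dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def is_allowed(finding: Finding, allow_rules: Iterable[AllowRule]) -> bool:
    return any(
        fnmatch.fnmatch(finding.path, r.path_glob) and re.search(r.pattern, finding.match)
        for r in allow_rules
    )


def scan_text(path: str, text: str, allow_rules: Iterable[AllowRule] = ()) -> List[Finding]:
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        line_findings: List[Finding] = []
        # 1. Structured formats: exact pattern rules.
        for rule, rx in PATTERNS.items():
            for m in rx.finditer(line):
                line_findings.append(Finding(path, line_no, rule, m.group(0)))
        # 2. Unstructured tokens: flag high-entropy runs not already caught above.
        for m in CANDIDATE.finditer(line):
            tok = m.group(0)
            if any(f.match in tok for f in line_findings):
                continue
            if shannon_entropy(tok) >= ENTROPY_THRESHOLD:
                line_findings.append(Finding(path, line_no, "high_entropy", tok))
        findings.extend(line_findings)
    # 3. Drop findings covered by a scoped allow rule.
    return [f for f in findings if not is_allowed(f, allow_rules)]


def scan_files(files: Dict[str, str], allow_rules: Iterable[AllowRule] = ()) -> List[Finding]:
    out: List[Finding] = []
    for path, text in files.items():
        out.extend(scan_text(path, text, allow_rules))
    return out


# Constructed sample input. The AKIA value is AWS's published documentation example.
SAMPLE_FILES = {
    "src/config.py": (
        "DEBUG = True\n"
        "AWS_ACCESS_KEY_ID = 'AKIAIOSFODNN7EXAMPLE'\n"
        "SESSION_SALT = 'kX9v2Qw7Lm4Zr8Tb1Ny6Ps3Hd5Fg0Jc'\n"  # constructed high-entropy string
        "VERSION = '1.0.0'\n"
    ),
    "tests/fixtures/dummy.txt": (
        "-----BEGIN RSA PRIVATE KEY-----\n"
        "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"  # long but zero-entropy: not flagged
    ),
}

# Constructed allow rules: silence test fixtures, and the documented AWS example key anywhere.
ALLOW_RULES = [
    AllowRule(path_glob="tests/fixtures/*", pattern=".*"),
    AllowRule(path_glob="*", pattern=r"^AKIAIOSFODNN7EXAMPLE$"),
]

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES, ALLOW_RULES):
        print(f"{f.path}:{f.line_no} [{f.rule}] {f.match}")
```

Without allow rules the scan reports three findings (the AWS key ID, the high-entropy salt, and the private-key header in the fixture); with the two scoped rules only the salt remains. Note that the fixtures rule cannot silence anything under `src/`, which is the point of scoping suppressions by path rather than by pattern alone.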
## MVP scope
- Pre-commit hook and CI pipeline integration.
- Alerting to chat and issue tracker.
- Baseline scan across existing repository history.
## Success criteria
- Fewer leaked credentials reaching remote repositories.
- Faster incident response when leaks are detected.
## Stretch ideas
- Automatic secret revocation through provider APIs.
- Developer education snippets in alert messages.