> Intelligent secrets detection — scan code, configs, and git history for exposed API keys, passwords, tokens, and credentials before they leak.
secrets scanner, credential leak, API key detection, token exposure, security scan, secret detection, git secret
```bash
node scanner.js scan ./src
node scanner.js scan ./ --include ".js,.json,.yaml,.env*"
```
Detects 50+ patterns: AWS keys, GitHub tokens, Slack webhooks, database URLs, private keys, JWTs, etc.
```bash
node scanner.js git-scan --depth 50
node scanner.js git-scan --since "2024-01-01"
```
Finds secrets that were committed and later removed (still in git history).
```bash
node scanner.js hook --install
```
```bash
node scanner.js redact ./src/config.js --replace-with "[REDACTED]"
```
Replace detected secrets with placeholder values.
| Category | Examples |
|---|---|
| Cloud Keys | AWS_ACCESS_KEY, GCP_SERVICE_ACCOUNT, AZURE_CLIENT_SECRET |
| API Tokens | GitHub, Slack, Stripe, OpenAI, Anthropic, Google Maps |
| Database | MongoDB URI, PostgreSQL URL, Redis password |
| Crypto | RSA private key, SSH key, certificate |
| App Secrets | JWT secret, session key, encryption key |
| Config Files | .env, .npmrc, .pypirc, credentials.json |
```json
{
  "findings": [
    {
      "file": "src/config.js",
      "line": 12,
      "type": "AWS_ACCESS_KEY",
      "severity": "CRITICAL",
      "matched": "AKIAIOSFODNN7EXAMPLE",
      "suggestion": "Move to environment variable or secrets manager"
    }
  ],
  "summary": { "critical": 1, "high": 0, "medium": 2, "low": 5 }
}
```
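A report in this shape carries the full matched value in `matched`, so a CI step that consumes it should mask that field before anything is logged or archived. The following is an added example, not part of the scanner itself: `maskSecret`, `gateReport`, the severity ordering and the `HIGH` fail threshold are assumptions of the example, and the second finding is constructed sample data.

```javascript
// Added example: consume a report shaped like the JSON above.
// Assumptions: field names come from the sample report; the severity
// ordering and the fail threshold are policy choices of this example.
const SEVERITY_RANK = { LOW: 0, MEDIUM: 1, HIGH: 2, CRITICAL: 3 };

// Keep only the first 4 characters so a finding stays identifiable
// without copying the full secret into CI logs or tickets.
function maskSecret(value) {
  if (value == null) return '';
  const s = String(value);
  if (s.length <= 8) return '*'.repeat(s.length);
  return s.slice(0, 4) + '*'.repeat(s.length - 4);
}

// Returns a sanitized copy of the findings plus a pass/fail decision.
function gateReport(report, failAt = 'HIGH') {
  if (!(failAt in SEVERITY_RANK)) throw new Error(`unknown threshold: ${failAt}`);
  const findings = Array.isArray(report && report.findings) ? report.findings : [];
  const sanitized = findings.map((f) => ({ ...f, matched: maskSecret(f.matched) }));
  const blocking = sanitized.filter((f) => {
    const rank = SEVERITY_RANK[String(f.severity).toUpperCase()];
    // Unknown severity labels are treated as blocking (fail closed).
    return rank === undefined || rank >= SEVERITY_RANK[failAt];
  });
  return { findings: sanitized, blocking, exitCode: blocking.length > 0 ? 1 : 0 };
}

// Constructed sample input mirroring the report shown above.
const sampleReport = {
  findings: [
    { file: 'src/config.js', line: 12, type: 'AWS_ACCESS_KEY', severity: 'CRITICAL',
      matched: 'AKIAIOSFODNN7EXAMPLE',
      suggestion: 'Move to environment variable or secrets manager' },
    { file: 'src/dev.js', line: 3, type: 'EXAMPLE_TYPE', severity: 'LOW',
      matched: 'short' }, // constructed finding
  ],
};

const result = gateReport(sampleReport);
for (const f of result.blocking) {
  console.log(`${f.severity} ${f.type} ${f.file}:${f.line} ${f.matched}`);
}
console.log(`exit code for CI: ${result.exitCode}`);
```

In a pipeline, pass `result.exitCode` to `process.exit` after writing the sanitized findings, so the build fails without the raw secret ever reaching the job log.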