Hey devs,
We’ve all been there—you’re reviewing a pull request or pushing code, and suddenly you realize: “Did I just commit a secret?” It’s a heart-stopping moment, and it’s what inspired me to build CipherScan for VSCode.
CipherScan is an open-source Visual Studio Code extension that scans your codebase for sensitive information like API keys, passwords, and tokens. It’s designed to be simple, effective, and developer-friendly, helping you catch potential leaks before they become a problem.
Open-source GitHub Repo: CipherScan
What CipherScan Does?
Manual Scan Control
Run scans on your entire workspace or specific folders with a single click! You decide when to run the scan, so it doesn’t interrupt your workflow.Custom Pattern Detection
Tailor the extension to your needs with custom regex patterns to detect secrets like GitHub tokens, AWS keys, and more.Comprehensive Logs
Keep track of all scans with detailed logs and a visual HTML report that shows the secrets found, their severity, and the exact locations in your code.Real-Time Feedback
Get live updates as the scan progresses, including how many files have been scanned and any secrets detected.Pre-Commit Scan Reminder
Don’t forget to check for secrets before pushing your code. CipherScan will remind you to run a quick scan before committing your changes.
Why I Built It?
I wanted a tool that:
✅ Fits Seamlessly into My Workflow: CipherScan works when you want it to — no unnecessary automation or interruptions.
✅ Is Customizable: Every project is different, so you can define patterns that matter to you.
✅ Keeps Security Simple: You don’t need to be a security expert to protect your codebase.
It’s Open Source and Ready for Feedback!
CipherScan is still in its early stages, and I’d love to hear what you think. Whether it’s feature suggestions, bug reports, or general feedback, I’m all ears!
I also plan to publish it to the VSCode Marketplace soon, but I want to refine it based on your input first.
Installation & Setup
-
Installation:
Visit the CipherScan GitHub repository and download the latest
.vsixfile from the Releases section. In VSCode, pressCtrl+Shift+Pand search for "Install from VSIX". Select the downloaded file to install. - Run a Scan: Once installed, click the Find Exposed Secrets button in the VSCode status bar to start scanning your code. Choose to scan either the entire workspace or specific folders.
- Review & Fix Detected Secrets The scan results will show you any detected secrets, including their file paths and line numbers. Click on the line number to jump directly to the location and fix the issue.
-
View Scan Results
After the scan, you’ll find detailed logs and a summary report in the
.cipherscanfolder. The.cipherscan-secrets.logfile contains the full scan log, and the .cipherscan-report.html file provides a visually rich summary of the detected secrets.
Customization Options:
- Custom Patterns Add custom regex patterns in your settings.json to detect specific secrets unique to your project. For example:
"cipherscan.customPatterns": [
{
"name": "Custom API Key",
"regex": "custom_api_[a-zA-Z0-9]{32}",
"severity": "High"
}
]
- Exclude Files You can exclude certain files or folders from being scanned by adding them to your workspace settings:
"cipherscan.excludeFiles": [
"**/node_modules",
"**/dist",
".git",
".vscode"
]
Log & Report Generation:
Logs: CipherScan generates detailed logs that track every step of the scan process, including timestamps, files scanned, and detected secrets.
Reports: The HTML report provides a color-coded, user-friendly summary of the secrets detected, their severity, and where they are located in your code.
Handling False Positives:
If CipherScan detects false positives (like mock API keys or test data), you can easily ignore them. Just click the IGNORE button in the webview to exclude them from future scans and reports.
How You Can Help?
- Try It Out: Download it from the GitHub Repo. Head to the Releases section, download the latest .vsix file, and install it in VSCode.
- Share Your Feedback: What works? What doesn’t? What features would make it better?
- Give It a ⭐: If you find it useful, starring the repo would mean a lot and help others discover it too.
Thanks for reading! 😊
Top comments (0)