Repository-Scanner

We got your secrets

We got your secrets. Do you want ours?

Source code contains tons of sensitive information: personally identifiable information in test data, usernames and passwords that someone forgot to parameterize, private keys, personal access tokens, etc. You name it, you can find it.

But what if you could scan GitHub repos, Azure DevOps repos, and Bitbucket repos? And what if the secrets were neatly organized, easy to triage, sorted, and transformed into usable metrics?

With Repository Scanner (licensed under MIT) you can do it all. Repository Scanner is an enterprise-grade open source project that runs either in isolation as a continuous monitoring agent or in pipelines as a CI stage. It captures secrets and presents the data in an easy-to-consume manner to Red Teams, Security Consultants, Test teams, Developers, CI/CD maintenance, Management (metrics), and every other interested stakeholder.

Try it out (again, fully licensed under MIT) via https://github.com/abnamro/repository-scanner and leave a ⭐️ star if you like what you see.
