Deepfence SecretScanner can find unprotected secrets in container images or file systems. Secrets are any kind of sensitive or private data that gives authorized users permission to access critical IT infrastructure (such as accounts, devices, networks, cloud based services), applications, storage, databases, and other kinds of critical data for an organization. For example, passwords, AWS access IDs, AWS secret access keys, Google OAuth Key etc. are secrets. Secrets should be strictly kept private. However, sometimes attackers can easily access secrets due to flawed security policies or inadvertent mistakes by developers. Sometimes developers use default secrets or leave hard-coded secrets such as passwords, API keys, encryption keys, SSH keys, tokens, etc. in container images, especially during rapid development and deployment cycles in CI/CD pipeline. Also, sometimes users store passwords in plain text.

Features

  • SecretScanner is a standalone tool that retrieves and searches container and host filesystems, matching the contents against a database of approximately 140 secret types
  • Documentation available
  • SecretScanner is also included in ThreatMapper, an open source scanner that identifies vulnerable dependencies and unprotected secrets in cloud native applications, and ranks these vulnerabilities based on their risk-of-exploit
  • Examples available
  • Secrets are any kind of sensitive or private data which gives authorized users permission to access critical IT infrastructure
  • Use SecretScanner if you need a lightweight, efficient method to scan container images and filesystems for possible secrets

Project Samples

SecretScanner Screenshot 1

Project Activity

See All Activity >

Categories

Security

License

MIT License

Follow SecretScanner

SecretScanner Web Site

Other Useful Business Software
Project Planning and Management Software | Planview Icon
Project Planning and Management Software | Planview

For Enterprise PMOs

Planview® ProjectAdvantage (formerly Sciforma) is an enterprise-centric project and portfolio management (PPM) software designed to enable change, drive innovation, and lead in a company's digital transformation. With ProjectAdvantage, teams can strategically track and monitor project data in order to make relevant decisions. It offers multiple features focused on strategic management, functional management, and execution management. A highly scalable and cost-effective solution, ProjectAdvantage is available in various deployment models.
Learn More
Rate This Project
Login To Rate This Project

User Reviews

Be the first to post a review of SecretScanner!

Additional Project Details

Operating Systems

Linux, Mac, Windows

Programming Language

Go

Related Categories

Go Security Software

Registered

2024-03-08
Report inappropriate content