Software
We've compiled a list of 8 free and paid alternatives to Gitleaks. The primary competitors include truffleHog, Repo-supervisor. In addition to these, users also draw comparisons between Gitleaks and GitGuardian, yara4pentesters, Yelp's detect-secrets. Also you can look at other similar options here: Development Tools.
We've compiled a list of 8 free and paid alternatives to Gitleaks. The primary competitors include truffleHog, Repo-supervisor. In addition to these, users also draw comparisons between Gitleaks and GitGuardian, yara4pentesters, Yelp's detect-secrets. Also you can look at other similar options here: Development Tools.
Searches through git repositories for secrets, digging deep into commit history and branches.
Serverless tool that detects secrets and passwords in your pull requests - one file at a time
rules to identify files containing juicy information like usernames, passwords etc.
detect-secrets is an aptly named module for (surprise, surprise) detecting secrets within a code...
Prevents you from committing secrets and credentials into git repositories.
CLI tool that finds secrets accidentally committed to a git repo, eg passwords, private keys.
Audit git repos for secrets 🔑
Audit git repos for secrets 🔑
Linux
Mac
Windows
Audit git repos for secrets. Gitleaks provides a way for you to find unencrypted secrets and other unwanted data types in git source code repositories. As part of it's core functionality, it provides;
Github and Gitlab support including support for bulk organization and repository owner (user) repository scans, as well as pull request scanning for use in common CI workflows.
Support for private repository scans, and repositories that require key based authentication
Output in CSV and JSON formats for consumption in other reporting tools and frameworks
Externalised configuration for environment specific customisation including regex rules
Customizable repository name, file type, commit ID, branch name and regex whitelisting to reduce false positives
High performance through the use of src-d's go-git framework
It has been successfully used in a number of different scenarios, including;
Adhoc scans of local and remote repositories by filesystem path or clone URL
Automated scans of github users and organizations (Both public and enterprise platforms)
As part of a CICD workflow to identify secrets before they make it deeper into your codebase
As part of a wider secrets auditing automation capability for git data in large environments.
Share your opinion about the software, leave a review and help make it even better!
Suggest Changes
Your Feedback
Your vote has been counted.
Do you have experience using this software?
