by chatmasta
3086 days ago
Nice start. I notice this only scans the HEAD of the repository. Have you considered implementing functionality to go back through previous commits and check for secrets in files there? After all, once something is committed to git, even if you change the file, the old version is still there (by design, obviously). For a more complex implementation of a solution to this problem, check out truffleHog [0], which "searches through git repositories for high entropy strings and secrets, digging deep into commit history."

[0] https://github.com/dxa4481/truffleHog
truffleHog also provides a sophisticated approach to detecting potential secret strings.
Thank you for the feedback! :)
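
The history scan discussed in this thread, as an added example that is not code from truffleHog or from the submitted project: it walks `git log -p` output and flags high-entropy tokens on added lines, so a key that was later removed from HEAD is still reported. The 4.5-bit threshold, the 20-character minimum, the function names and the sample log are assumptions made for this example.

```python
import math
import re
from collections import Counter

# Constructed, simplified `git log -p` output (not from a real repository):
# a key is committed, then replaced in a later commit, so HEAD no longer has it.
SAMPLE_LOG = """\
commit 2222222222222222222222222222222222222222
    remove hardcoded key

diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,2 +1,2 @@
 DEBUG = False
-API_KEY = "q9Xv2LmT7pRz4KcW8nYb3HsD6fGj1AeU"
+API_KEY = os.environ["API_KEY"]
commit 1111111111111111111111111111111111111111
    initial config

diff --git a/config.py b/config.py
--- /dev/null
+++ b/config.py
@@ -0,0 +1,2 @@
+DEBUG = False
+API_KEY = "q9Xv2LmT7pRz4KcW8nYb3HsD6fGj1AeU"
"""

TOKEN = re.compile(r"[A-Za-z0-9+/=_-]+")  # candidate secret characters

def shannon_entropy(s):
    """Bits per character of s; random base64-like strings score high."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def scan_history(log_text, threshold=4.5, min_len=20):
    """Return (short commit, path, token) for high-entropy tokens on added lines."""
    findings, commit, path = [], None, None
    for line in log_text.splitlines():
        if line.startswith("commit "):
            commit = line.split()[1]
        elif line.startswith("+++ "):            # file header, not content
            path = line[6:] if line.startswith("+++ b/") else line[4:]
        elif line.startswith("+"):               # a line added by this commit
            for tok in TOKEN.findall(line[1:]):
                if len(tok) >= min_len and shannon_entropy(tok) >= threshold:
                    findings.append((commit[:7], path, tok))
    return findings

if __name__ == "__main__":  # real input: output of `git log -p --all`
    print(scan_history(SAMPLE_LOG))
```

Only added lines are scanned, so each secret is reported once, at the commit that introduced it.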