by micksmix
38 days ago
This is also a good reminder to scan CI logs, not just source code. Shameless plug: I work on Kingfisher, an Apache 2.0 OSS secret scanner and validator written in Rust, that can also map blast radius and revoke many creds: <https://github.com/mongodb/kingfisher>. It can scan repos, history, and artifacts and validate many findings against provider APIs, as well as revoke many exposed tokens directly from the CLI. Also generates a blast-radius/access-map view so you can see what a leaked credential could reach.

Install:

    brew install kingfisher
    # or
    uv tool install kingfisher-bin

Scan a local path:

    kingfisher scan /path/to/scan --access-map --view-report

Or scan a GitHub/GitLab repo directly:

    kingfisher scan https://github.com/path/to/repo.git --access-map --view-report
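To illustrate the "scan CI logs, not just source code" point, here is a small added example (not part of the comment above and not Kingfisher's code) that runs a few secret patterns over constructed CI log lines. The rule names, the entropy threshold and the sample log lines are all assumptions made for this example; the AWS values are the placeholder keys from AWS's own documentation. Specific rules (AWS access key ID, GitHub PAT) match on their fixed prefix; a generic `token=`/`secret=`/`key=` rule additionally requires a minimum Shannon entropy so that repeated-character dummy values are not reported. Findings are redacted before they are returned, so the scanner's own output does not become a second copy of the leak. Validating a hit against the provider API, which the comment describes Kingfisher doing, is outside this example.

```python
import math
import re
from dataclasses import dataclass

# Each rule: (name, compiled pattern with the candidate secret in group 1, min entropy in bits/char).
# Prefix-anchored rules need no entropy gate; the generic assignment rule does.
# Rule names and threshold are assumptions for this example.
RULES = [
    ("aws-access-key-id", re.compile(r"\b(AKIA[0-9A-Z]{16})\b"), 0.0),
    ("github-pat", re.compile(r"\b(ghp_[A-Za-z0-9]{36})\b"), 0.0),
    (
        "generic-assignment",
        re.compile(r"(?i)(?:token|secret|password|key)[A-Za-z0-9_]*\s*[=:]\s*[\"']?([A-Za-z0-9_\-/+]{20,})"),
        3.5,
    ),
]


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; 0.0 for empty or single-character-repeat strings."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def redact(secret: str) -> str:
    """Keep a short prefix/suffix for triage, mask the rest so reports do not re-leak the value."""
    if len(secret) <= 8:
        return "*" * len(secret)
    return secret[:4] + "*" * (len(secret) - 8) + secret[-4:]


@dataclass(frozen=True)
class Finding:
    line_no: int
    rule: str
    redacted: str


def scan_log(lines):
    """Run every rule over every line; de-duplicate when a specific and the generic rule hit the same value."""
    findings = []
    seen = set()
    for line_no, line in enumerate(lines, start=1):
        for name, pattern, min_entropy in RULES:
            for match in pattern.finditer(line):
                secret = match.group(1)
                if (line_no, secret) in seen:
                    continue
                if shannon_entropy(secret) < min_entropy:
                    continue  # low-entropy placeholder such as "aaaa...", not worth an alert
                seen.add((line_no, secret))
                findings.append(Finding(line_no, name, redact(secret)))
    return findings


# Constructed sample CI log. The AWS values are the documented AWS example credentials;
# the GitHub token is a made-up string of the right shape.
SAMPLE_CI_LOG = [
    "2024-05-01T10:00:01Z [build] npm install completed in 12s",
    "2024-05-01T10:00:02Z [build] AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE",
    "2024-05-01T10:00:02Z [build] AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "2024-05-01T10:00:03Z [deploy] using GITHUB_TOKEN=ghp_abcdefghijklmnopqrstuvwxyz0123456789",
    "2024-05-01T10:00:04Z [test] DEBUG token=aaaaaaaaaaaaaaaaaaaaaaaa",
]


if __name__ == "__main__":
    for f in scan_log(SAMPLE_CI_LOG):
        print(f"line {f.line_no}: {f.rule} -> {f.redacted}")
```

Running the block reports three findings (the AWS key ID, the AWS secret via the generic rule, and the GitHub token) and skips the `token=aaaa...` line. In a real pipeline the same function would be pointed at archived job logs and build artifacts, which is where values echoed by `set -x` or a verbose installer tend to end up after the source tree has been cleaned.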