SecretScanner is a standalone security tool designed to identify and locate sensitive data within container images and host filesystems. The tool operates by scanning file contents and matching them against a comprehensive database containing approximately 140 different types of secrets and sensitive information patterns. The scanner can detect various forms of unprotected secrets including passwords, AWS access keys, AWS secret access keys, Google OAuth keys, and other authentication credentials that may be inadvertently exposed in code repositories, configuration files, or container images. SecretScanner functions as both a container security tool and a filesystem analysis utility, making it suitable for DevSecOps workflows and security auditing processes. The tool helps organizations identify potential security vulnerabilities caused by hardcoded secrets or improperly stored credentials that could be exploited by attackers. The scanner's database covers a wide range of secret types commonly found in enterprise environments, enabling comprehensive detection of sensitive data across different platforms and services. This makes it useful for security teams conducting regular audits of their infrastructure and development environments.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
IRIS-SOAR is a Python-based modular SOAR platform that automates security incident response workflows and integrates with DFIR-IRIS for enhanced digital forensics operations.
A community-driven repository and development framework for creating custom automation activities within the Ayehu NG IT orchestration platform.
JIMI is a flow-based orchestration automation platform that combines low-code and no-code capabilities for multi-team collaboration across IT, security, and development operations.
Incident response and case management solution for efficient incident response and management.
Fast Intercept is a security automation platform that empowers users to maximize their existing security products and automate routine tasks.
Cortex XSOAR is a comprehensive SOAR platform that automates and standardizes security processes for faster response times and increased team productivity.
Shuffle is a platform for automating security workflows with confidence, offering templates, collaboration tools, and a large app library.
Shuffle Automation provides an open-source platform for security orchestration, automation, and response.
RedEye is a visual analytic tool that provides enhanced situational awareness and operational insights for both Red and Blue Team cybersecurity operations.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.