Secret Scanning
ELI5 — The Vibe Check
Secret Scanning checks your code for accidentally committed passwords, API keys, and tokens. Pushed your AWS key to GitHub? Secret Scanning catches it and alerts you (or auto-revokes it). It's like a metal detector at the airport, but for credentials in your code.
Real Talk
Secret scanning analyzes Git repositories for accidentally committed credentials, API keys, tokens, and other secrets. GitHub's native secret scanning detects patterns from partner providers and can auto-revoke leaked tokens. Tools like GitLeaks, TruffleHog, and detect-secrets provide additional coverage.
Show Me The Code
# Run gitleaks locally against the current repository and print each finding
gitleaks detect --source . --verbose
# In CI: write findings to report.json (gitleaks exits non-zero when it finds leaks, which fails the job)
gitleaks detect --source . --report-format json --report-path report.json
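To show what a scanner like gitleaks does internally, here is a small added example (my own code, not from gitleaks, TruffleHog or GitHub): it matches known key formats, falls back to a Shannon-entropy check on secret-looking assignments, and exits non-zero so it can run as a pre-commit hook. The patterns, the 3.5-bit threshold and the sample lines are assumptions chosen for illustration.

```python
import math
import re
import sys

# Known credential formats (assumed from public provider documentation).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}
# Generic fallback: a secret-looking assignment whose value is long and random.
GENERIC = re.compile(
    r"(?i)(?:secret|token|password|api[_-]?key)\s*[:=]\s*[\"']?([A-Za-z0-9+/_\-]{20,})"
)

def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking strings score well above 3.5."""
    probs = [s.count(c) / len(s) for c in set(s)]
    return -sum(p * math.log2(p) for p in probs)

def scan_lines(lines, entropy_threshold=3.5):
    """Return (line_number, rule, matched_value) for every finding."""
    findings = []
    for num, line in enumerate(lines, start=1):
        before = len(findings)
        for rule, pat in PATTERNS.items():
            findings.extend((num, rule, m.group(0)) for m in pat.finditer(line))
        if len(findings) == before:  # fall back only when no known format hit
            for m in GENERIC.finditer(line):
                if shannon_entropy(m.group(1)) >= entropy_threshold:
                    findings.append((num, "high_entropy_assignment", m.group(1)))
    return findings

def scan_file(path: str):
    with open(path, encoding="utf-8", errors="replace") as fh:
        return scan_lines(fh.read().splitlines())

# Constructed sample input: the AWS value is the public example key from the
# AWS docs; the others are made-up strings in the shape of real formats.
SAMPLE = [
    'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"',
    'export GITHUB_TOKEN=ghp_0123456789abcdefghijklmnopqrstuvwxyz',
    'token = "test_test_test_test_test"',       # long but low entropy: ignored
    'db_password = "Xk7pQ2mN9vLb4Rt8Yw3Zs6Hf"',  # unknown format, high entropy
]
if __name__ == "__main__":  # pre-commit style use: `python scanner.py FILE...`
    hits = ([(p, f) for p in sys.argv[1:] for f in scan_file(p)] if len(sys.argv) > 1
            else [("<sample>", f) for f in scan_lines(SAMPLE)])
    for path, (num, rule, value) in hits:
        print(f"{path}:{num}: {rule}: {value[:6]}...")  # never echo the full secret
    sys.exit(1 if hits else 0)
```

Run with no arguments it scans the embedded sample and reports three findings; the low-entropy `token` line is deliberately skipped to show why entropy filtering keeps noise down.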
When You'll Hear This
"Secret scanning caught an API key in a test fixture before it reached main." / "GitHub auto-revoked the AWS key 30 seconds after it was pushed."
Related Terms
API Key Rotation
API Key Rotation is regularly replacing your API keys with new ones. Like changing passwords, but for machine-to-machine authentication.
Credential Rotation
Credential Rotation is the practice of regularly changing ALL your secrets — database passwords, API keys, certificates, tokens.
Pre-Commit Hooks
Pre-commit hooks are scripts that run automatically before every Git commit.
SAST
SAST scans your source code for security bugs WITHOUT running it.