Secure your repositories
Secrets and other sensitive data, such as personal data, are frequent findings in software development repositories. Scans made by security researchers find that 16% of repositories on GitHub contain some form of secrets.
Secret Scanner
FAST, SIMPLE AND EFFECTIVE MITIGATION OF POTENTIAL SECURITY ISSUES.

Features
Continuous scanning of commits based on rulesets that fit your organization, with a filter system for whitelisting matches and an extendable filter system that enables secret validation against password managers.
- Configurable alert system
- Web UI for manual whitelisting of secrets
- Everything packaged in containers for simple deployment
- Simple configuration. Configure once per Azure DevOps project.
- Supports both on-prem and cloud Azure DevOps installations


Simple set up
Secret Scanner is delivered with a pre-configured set of rules. With only one configuration per Azure DevOps project, Secret Scanner will scan all your repositories, even future ones.


Filter and whitelist
Our filter architecture enables us to develop extensions that can automatically confirm or whitelist secrets. Together with our manual whitelisting functionality, this lets you implement an aggressive scanner ruleset and whitelist the false positives. The explicit possibility to whitelist per repository, file and rule minimizes the risk of secrets getting whitelisted by mistake.


Alert
When secrets are found, the system triggers an automatic alert. The alert method is configurable and extendable. Alert recipients are also configurable. Out of the box you can configure Secret Scanner to alert by mail or to Splunk ... or both.
