secret-detection

Detect secrets in code, git history, and running containers — pre-commit hooks, CI scanning, and incident response for exposed credentials.

AI & Automation 14 stars 3 forks Updated 3 days ago MIT

Skill Content

# Skill: Secret Detection

> **Expertise:** trufflehog, gitleaks, git-secrets, pre-commit hooks, CI scanning, secret rotation playbook.

## When to load

When setting up secret scanning pre-commit or in CI, investigating a potential credential leak, or remediating secrets found in git history.

## Pre-Commit Hook Setup

```bash
# Install pre-commit
pip install pre-commit
```

```yaml
# .pre-commit-config.yaml
repos:
  - repo: https://github.com/trufflesecurity/trufflehog
    rev: v3.88.0
    hooks:
      - id: trufflehog
        name: TruffleHog — secret scan
        entry: trufflehog git file://. --since-commit HEAD --only-verified --fail
        language: system
        pass_filenames: false
  - repo: https://github.com/gitleaks/gitleaks
    rev: v8.21.0
    hooks:
      - id: gitleaks
        name: Gitleaks — detect hardcoded secrets
```

```bash
# Install hooks for all team members (add to onboarding docs)
pre-commit install
pre-commit install --hook-type commit-msg

# Run against all files (one-time audit)
pre-commit run trufflehog --all-files
pre-commit run gitleaks --all-files
```

## CI: trufflehog (GitHub Actions)

```yaml
- name: Scan for secrets (trufflehog)
  uses: trufflesecurity/trufflehog@main
  with:
    path: ./
    base: ${{ github.event.repository.default_branch }}
    head: HEAD
    extra_args: >
      --only-verified
      --fail
      --format json
      --json-output trufflehog-results.json
  continue-on-error: false  # hard fail
- name: Upload results
  if: fa...
```

Details

- Author: sawrus
- Repository: sawrus/agent-guides
- Created: 3 months ago
- Last Updated: 3 days ago
- Language: Shell
- License: MIT
