🚧 DevGuard & this page is under active development. Visit the DevGuard Repo →
ConceptsDevSecOpsSecret Scanning

Secret Scanning

ℹ️

DevGuard performs secret scanning to identify sensitive information in your codebase, such as API keys, passwords, and other credentials (based on SARIF) - Mitigation Guide

What is Secret Scanning?

Secret scanning is a security feature that helps detect and prevent the accidental inclusion of sensitive information such as API keys, passwords, tokens, and other secrets in your repository. When enabled, secret scanning scans commits in repositories for known types of secrets and alerts repository administrators upon detection.

Secret scanning scans your entire Git history on all branches present in your GitHub repository for secrets. GitHub will also periodically run a full Git history scan for new secret types in existing content in public repositories where secret scanning is enabled when new supported secret types are added.

Why is Secret Scanning Important?

  • Enhanced security: Secret scanning detects sensitive information like API keys, passwords, and tokens, helping you mitigate risks early.
  • Automated detection: Continuously scans your codebase, commits, issues, and pull requests without manual effort.
  • Real-time alerts: Instantly notifies administrators and contributors for swift remediation.
  • Service provider integration: Partners with providers to validate secrets and take actions like credential revocation.
Understanding OWASP DevSecOps PipelineSoftware Composition Analysis (SCA)