
Nice start. I notice this only scans the HEAD of the repository. Have you considered implementing functionality to go back through previous commits and check for secrets in files there? After all, once something is committed to git, even if you change the file, the old version is still there (by design, obviously).

For a more complex implementation of a solution to this problem, check out trufflehog [0], which "searches through git repositories for high entropy strings and secrets, digging deep into commit history."

[0] https://github.com/dxa4481/truffleHog
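The point above in runnable form, as an added example that is not code from this thread or from truffleHog: a walk over every file version in a repository's history with a Shannon-entropy filter for key-like tokens. The sample history and the key in it are constructed; `git_history_blobs` uses git plumbing commands and is only needed against a real repository.

```python
import math
import re
import subprocess

# Runs of base64/hex-style characters long enough to be a credential rather than a word.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_\-]{20,}")

def shannon_entropy(s: str) -> float:
    """Shannon entropy of s in bits per character (0.0 for the empty string)."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def find_secrets(text: str, threshold: float = 4.5):
    """Tokens in text whose entropy exceeds threshold; long plain identifiers score low and are skipped."""
    return [t for t in TOKEN_RE.findall(text) if shannon_entropy(t) > threshold]

def scan_history(blobs, threshold: float = 4.5):
    """Scan every (commit, path, content) record, not just HEAD, and return (commit, path, token) hits."""
    return [(commit, path, tok)
            for commit, path, content in blobs
            for tok in find_secrets(content, threshold)]

def git_history_blobs(repo: str = "."):
    """Yield (commit, path, content) for every tracked file version reachable from any ref,
    using git plumbing (rev-list, ls-tree, cat-file). Not exercised by the sample below."""
    commits = subprocess.check_output(["git", "-C", repo, "rev-list", "--all"], text=True).split()
    for commit in commits:
        tree = subprocess.check_output(["git", "-C", repo, "ls-tree", "-r", commit], text=True)
        for line in tree.splitlines():
            meta, path = line.split("\t", 1)          # "<mode> <type> <object>\t<path>"
            blob = meta.split()[2]
            content = subprocess.check_output(["git", "-C", repo, "cat-file", "-p", blob],
                                              text=True, errors="replace")
            yield commit, path, content

# Constructed sample history: the key was removed in c2 (HEAD) but still lives in c1.
SAMPLE_HISTORY = [
    ("c2 (HEAD)", "config.py", 'API_KEY = os.environ["API_KEY"]\n'),
    ("c1", "config.py", 'API_KEY = "aB3dE5fG7hJ9kL1mN2pQ4rS6tU8vW0xY"  # hypothetical key\n'),
]

if __name__ == "__main__":
    print("HEAD only:", scan_history(SAMPLE_HISTORY[:1]))   # []
    print("full history:", scan_history(SAMPLE_HISTORY))    # one hit in c1
```

Scanning only HEAD returns nothing, while the full-history scan reports the token in c1, which is exactly the gap the comment describes.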




Hi there, a feature to scan previous commits sounds awesome and I'll start working on it soon!

truffleHog also provides a sophisticated approach to detecting potential secret strings.

Thank you for the feedback! :)



