Infisical is the open-source platform for secrets management, PKI, and SSH access.

Protect your secrets using Gitleaks-Action

Scan for secrets, endpoints, and other sensitive data after decompiling and deobfuscating Android files. (.apk, .xapk, .dex, .jar, .class, .smali, .zip, .aar, .arsc, .aab, .jadx.kts).

Examples of Custom Secret Scanning Patterns

Official TruffleHog Burp Suite Extension. Scan Burp Suite traffic for 800+ different types of secrets (API keys, passwords, SSH keys, etc) using TruffleHog.

collectvars collects JavaScript variables, highlights risky ones, and helps you understand code structure, while you casually browse.

A community-led project that aims to scan published Repls to find secrets and invalidate them.

A curated list of awesome GitHub Advanced Security secret scanning resources.

Open Source ASPM Platform

Testing Suite for GitHub Secret Scanning Custom Patterns

Microsoft Teams notifier for Secret Scanning alerts from GitHub Advanced Security, using a GitHub App and Azure Function

A repo full of secrets. This is designed to test SAST secret scanning tools.

Automate GitHub secret protection custom patterns

Multi-cloud xSPM platform to scan, visualize, and remediate security risks across cloud, containers, and Kubernetes environments.

Secrets that were found by the Replit Token Scanner are dumped here for revocation.

Slack notifier for Secret Scanning alerts from GitHub Advanced Security, using a GitHub App and Azure Function

An advanced secret scanning tool designed to identify sensitive information, such as API keys and tokens within your given urls.

GHAS for Developers Course

A GitHub Action that maps GHAS alerts states between two repos. Useful when migrating repositories.

A script used to replicate the state of alerts between two identical secret scanning custom patterns set at different levels