A Python CLI tool that scans all repositories owned by a GitHub user/org for accidentally committed secrets (API keys, tokens, passwords, private keys, etc.).
Updated May 3, 2026 - Python
Converts secret patterns to a gf-compatible form.
Adding this GitHub Action will scan your repository for sensitive data in your source code. We find things like passwords, server host strings, API keys, .env and config files, and more.
ReleaseGuard is an open-source artifact policy engine and hardening suite. It scans, transforms, obfuscates, attests, and verifies release artifacts before they ship across every build ecosystem.
This GitHub Action allows you to run Gitleaks in your GitHub workflow.
The Clutch VS Code extension allows any user to scan for secrets in their open workspace automatically within the IDE.
A secret scanner wrapper to aggregate results across multiple secret scanning tools
A sarcastic list of secret scanners
GitHub Action that wraps Yelp/detect-secrets and provides an enterprise friendly way of detecting and preventing secrets in code.
The guardian of your Pull Requests. She decides what gets to merge.
A blazing fast secret-hunting tool for bug bounty hunters and security enthusiasts.
An ongoing and curated collection of awesome software best practices and techniques, libraries and frameworks, e-books and videos, websites, blog posts, links to GitHub repositories, technical guidelines and important resources about the secrets management process in cybersecurity.
Secrets scanner with pattern matching, entropy analysis, and live validation
SecretKeeper is a tool for detecting secrets and misconfigurations on your Git repositories (Bitbucket and GitHub).
noLeak scans your entire Git history, identifies potential leaks (API keys, tokens, etc.), and provides an interactive wizard to permanently purge them from your repository.
🔍 Scan MCP (Model Context Protocol) configs for hardcoded secrets, leaked API keys, and security misconfigurations
Lightweight, DevSecOps-friendly secret scanner with SARIF & Pre-commit support. Detects API keys, tokens, and passwords with entropy analysis.
ContractGuard helps developers catch security and reliability issues directly inside VS Code. It analyzes common project file types, flags risky patterns such as secrets, unsafe SQL, complex regex, and insecure configuration, and presents results through diagnostics, a findings view, status bar scoring, and SARIF export.
Detects hardcoded secrets in .NET source and git history; reports location only, never values. Ships as a CLI, an MCP server for Claude Code, and a NuGet library.
OWASP injection-detection middleware (FastAPI) + secrets scanner. Hero: 100% recall at 0% false-positive rate (F1 = 1.0) on a 45-sample labeled corpus. Pre-commit hook that blocks committed credentials.