TruffleHog
TruffleHog is the entropy-based secrets detector for Git histories and filesystems in CI, uncovering high-entropy strings like keys and creds across branches with verification endpoints for GitLab integrations. Deploy via Docker or pip for JSON outputs, scanning diffs to prevent exposures in Jenkins. Open-source from trufflesecurity, it's the hog hunter for teams templating deep leak audits in workflows.
detect-secrets
detect-secrets is the baseline scanner for hardcoded creds in codebases during CI, using heuristics to spot patterns like AWS keys with baseline exclusions for false positive suppression in GitLab CI. Run via pip for JSON reports, combining with pre-commit to enforce clean pushes. Open-source from Yelp, it's the secret sentinel for devs templating proactive leak prevention in repos.
Talisman
Talisman is the pre-push hook secrets validator for Git workflows in CI, blocking tokens and creds via YAML rules with entropy checks for GitHub PRs and CircleCI. Configure via CLI for custom detectors, outputting logs for quick reviews. Open-source from ThoughtWorks, it's the hook hound for teams templating instant leak blocks in daily deploys.
SecretScanner
SecretScanner is the container and filesystem hunter for 140+ secret types in CI, querying images and hosts for keys with JSON exports for Kubernetes scans in Azure DevOps. Run standalone or via Docker for layer-deep analysis, verifying creds to cut noise. Open-source from Deepfence, it's the image inspector for cloud pros templating runtime secret sweeps.
Whispers
Whispers is the lightweight YAML-powered secrets finder for code and configs in CI, detecting patterns like certs across langs with quiet scans for GitLab diffs and low-overhead hooks. Parse outputs for suppression, integrating into pipelines for stealthy checks. Open-source from Skidder, it's the whisper watcher for scripters templating subtle leak hunts without bloat.
Prowler

