Install our GitHub integration and select organizations and repositories to monitor
Run full scans to unveil secret keys that are not supposed to be exposed within your code
Stay safe at all times. We'll notify you immediately when a secret key is committed to any of your repositories
You revoke them immediately! Generate another key from your API provider and make sure to keep it safe this time.
Two reasons: 1. Private repositories have a tendency to become public due to account owners' efforts to save money on their GitHub expenses. It's very easy to turn a private repository into a public one. The thing is that you never know what's inside when you do it, so you'd better keep secrets out of private repositories as well. 2. Code in private repositories still has wider inter-org access and exposure than other means of storing keys. Exposed keys can therefore be maliciously used by, let's say, frustrated employees (or ex-employees). You shouldn't keep the keys exposed in the code.
We currently support only GitHub but plan to support Bitbucket and GitLab going forward.
We match against hundreds of known patterns, but at this stage we can't commit to positively identifying private keys and secrets. When we find a match, we mark it for you according to our algorithm's severity rating; validating whether the suspected key is indeed an exposed private key is your responsibility. We may take a leap forward in that direction in the future, though.