[addtool] SecretScanner
Closed this issue · 2 comments
[tags]containers,secrets,kubernetes[/tags]
[short_descr]Find secrets and passwords in container images and file systems.[/short_descr]
[link] https://deepfence.io [/link]
[link] https://github.com/deepfence/SecretScanner [/link]
[long_descr]
Deepfence SecretScanner can find unprotected secrets in container images or file systems.
- SecretScanner is a standalone tool that retrieves and searches container and host filesystems, matching the contents against a database of approximately 140 secret types.
- SecretScanner is also included in ThreatMapper, an open source scanner that identifies vulnerable dependencies and unprotected secrets in cloud native applications, and ranks these vulnerabilities based on their risk-of-exploit.
Use SecretScanner if you need a lightweight, efficient method to scan container images and filesystems for possible secrets (keys, tokens, passwords). You can then review these possible 'secrets' to determine if any of them should be removed from production deployments.
[/long_descr]
[image] https://raw.githubusercontent.com/gwen001/offsectools_www/main/tmp/246651b11f191945b166ea162258405e.png [/image]
Issue correctly handled, tool is waiting for human validation.
Tool has been accepted by the team: https://offsec.tools/tool/secretscanner
Thank you for your contribution!