pypi-data/pypi-aws-secrets

Scan for other key types?

alex opened this issue · 2 comments

alex commented

This is fantastic! It's a huge service to the community (and frankly, the world).

How hard do you think it'd be to extend to cover other key types? I'm not quite sure what the next highest priority would be, but based on the number of key types GitHub's Secret Scanning supports, there's a lot of other stuff people accidentally ship :-(

orf commented

Hey Alex!
It wouldn't be too difficult, depending on the specifics of the keys.

As I understand it, the companies working with GitHub sometimes share internal, non-public information about how the keys are constructed. This lets the regular expressions be a lot more targeted and reduce false positives.

I wonder... maybe a better alternative to doing it ourselves is to work out a way that we can actually commit PyPI code to GitHub? That would sidestep these issues and leverage all their secret scanning partners automatically.

alex commented

Heh, just committing all code seems like a hammer... but possibly a functional one!

I imagine there's other services with public key formats. I believe all PyPI API tokens have a pypi- prefix; that might be an interesting one for PyPI.
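As an added illustration of the kind of targeted check discussed in this thread (not code from pypi-aws-secrets or its authors): a small scanner that flags `pypi-`-prefixed strings in text and then applies a structural test to cut false positives. It assumes, as the PyPI docs describe, that a token body is an unpadded base64url macaroon whose first field is the location `pypi.org`; the 40-character floor and the sample lines are constructed for the example.

```python
from __future__ import annotations

import base64
import re
from dataclasses import dataclass
from typing import Optional

# Candidate: "pypi-" followed by at least 40 unpadded base64url characters.
# Real tokens are far longer; the floor (an assumed value) just drops names such as "pypi-data".
TOKEN_RE = re.compile(r"pypi-[A-Za-z0-9_-]{40,}")

# Assumption: a PyPI API token body is a base64url macaroon whose first field is
# the location "pypi.org", serialised as version 0x02, field tag 0x01, length 0x08.
MACAROON_LOCATION_HEADER = b"\x02\x01\x08pypi.org"


@dataclass
class Finding:
    line_no: int
    redacted: str             # enough to locate the hit without reprinting the secret
    structural_match: bool    # body decodes and starts with the pypi.org location header


def _decode_body(body: str) -> Optional[bytes]:
    padded = body + "=" * (-len(body) % 4)   # restore padding stripped from the token
    try:
        return base64.urlsafe_b64decode(padded)
    except ValueError:                        # binascii.Error is a ValueError subclass
        return None


def redact(token: str) -> str:
    return f"{token[:9]}...{token[-4:]} ({len(token)} chars)"


def scan_text(text: str) -> list[Finding]:
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in TOKEN_RE.finditer(line):
            token = m.group(0)
            raw = _decode_body(token[len("pypi-"):])
            is_macaroon = raw is not None and raw.startswith(MACAROON_LOCATION_HEADER)
            findings.append(Finding(line_no, redact(token), is_macaroon))
    return findings


def _fake_token() -> str:
    # Constructed sample: correct header followed by filler bytes; not a real credential.
    body = base64.urlsafe_b64encode(MACAROON_LOCATION_HEADER + b"\x00" * 60).rstrip(b"=")
    return "pypi-" + body.decode()


# Constructed sample of file contents a package might accidentally ship.
SAMPLE = "\n".join([
    "# settings.py (constructed sample)",
    "repo = 'pypi-data/pypi-aws-secrets'",        # too short: no match
    f"PYPI_TOKEN = '{_fake_token()}'",           # well-formed token: structural match
    "junk = 'pypi-" + "A" * 48 + "'",             # long enough, but not a macaroon
])

if __name__ == "__main__":
    for f in scan_text(SAMPLE):
        print(f"line {f.line_no}: {f.redacted} macaroon={f.structural_match}")
```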