sirwart/ripsecrets

Alternative tools

Closed this issue · 6 comments

Just found a bunch of additional alternatives to add to the README:

Thanks for sharing those! I was aware of git-secrets but not repo-security-scanner. However, I wouldn't want to recommend either based on my understanding of what they do.

git-secrets doesn't come pre-programmed with a set of common secrets except for a few AWS-specific ones, so it's going to miss a lot of common secret types unless each user spends time configuring it.

From what I can tell, repo-security-scanner is just scanning filenames, not file contents, so it's not technically doing the same thing.

Fair enough. :)

👋🏻 I maintain gitleaks which is a comparable tool. Nice work!

https://github.com/zricethezav/gitleaks

@zricethezav I was not aware of gitleaks, just added!

I took a look at ggshield and decided not to add it since it required an API key to use. I'm not opposed to commercial products but probably not the same class as the other recommended tools.