We've all done it: pasted an API key into a file "just to test," then a week later it's in your git...
We've all done it: pasted an API key into a file "just to test," then a week later
it's in your git history, a screenshot, or a livestream. Most secret scanners —
gitleaks, trufflehog — run in CI, after the secret is already committed.
So I built Secret Guardian, a VS Code extension that catches secrets live, in
the editor, the moment they appear — and visually masks them so they never show
Most developers know they shouldn't commit API keys. Most secret scanners will catch an AWS key...
A teammate pastes an AWS access key into a PR comment to "debug quickly." Another commits...
There's an irony in most "paste your config to check for leaked secrets" web tools: pasting a secret...
The pull request looked clean. The tests were green, the diff was small, and the commit message was...
Alerts are more trustworthy and actionable when noise is reduced. See how we improved the verification step with context-aware…
Introducing truffle-scan — an open-source, deterministic security scanner that detects hardcoded credentials, SQL injection, code…
