useful credential checkers
- I came across useful credential checkers that can be used in the sqa repo (or be suggested as best practices in general). At the moment, gitleaks is the chosen credential checker for this repo, but there are quite a few more tools that might vary per use depending on the type of software (programming language, used services, ...) that we might need to consider in the future. Some of them can specifically be integrated as part of best practices:
  - gitleaks: finds strings such as passwords and emails in config or JSON formats.
  - GitHub secret scanning: scans repositories to find accidentally committed secrets.
  - git-secrets: scans a file or a folder recursively for secrets; widely used to prevent committing AWS keys (it is developed by AWS Labs).
  - trufflehog: looks for secrets using regex and entropy and displays a console report.
  - gitrob: searches for potentially sensitive files that are pushed to public repositories on GitHub.
  - repo security scanner: a command-line tool to find passwords, tokens, private keys, and other secrets that are committed to a git repository.
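To make the "regex and entropy" approach used by tools like trufflehog concrete, here is a small added example (written for this issue, not code from any of the tools listed) that scans constructed config lines with a known-shape regex plus a Shannon-entropy check; the sample values and the 3.5-bit threshold are assumptions for illustration.

```python
"""Minimal regex-plus-entropy secret detector (added example, not a listed tool's code)."""
import math
import re
from collections import Counter

# Constructed sample config lines; every value is fake.
SAMPLE_LINES = [
    'db_host = "db.internal.example"',
    'aws_access_key_id = "AKIAEXAMPLEKEY123456"',        # fake, but has the real AKIA shape
    'password = "hunter2"',
    'api_token = "b7f3c9d2e1a84f6b0c5d9e2f7a1b3c4d"',  # random-looking hex, no known prefix
    'log_level = "INFO"',
    'placeholder = "xxxxxxxxxxxxxxxxxxxxxxxx"',         # long but low entropy: should not fire
]

# Rules for well-known token shapes; the last capture group (if any) is the secret value.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "password_assignment": re.compile(r"(?i)\bpass(word|wd)?\s*[=:]\s*['\"]([^'\"]+)['\"]"),
}
# Candidates for the entropy check: long runs of hex/base64-style characters.
CANDIDATE = re.compile(r"[A-Za-z0-9+/=_-]{20,}")

def shannon_entropy(s: str) -> float:
    """Bits per character: random hex is about 4.0, random base64 about 6.0, prose 3 to 4."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def scan_line(line: str, entropy_threshold: float = 3.5) -> list:
    """Return (rule, secret) findings for one line; regex hits suppress duplicate entropy hits."""
    findings = []
    for name, rx in PATTERNS.items():
        for m in rx.finditer(line):
            findings.append((name, m.group(m.lastindex) if m.lastindex else m.group(0)))
    for m in CANDIDATE.finditer(line):
        tok = m.group(0)
        if shannon_entropy(tok) >= entropy_threshold and not any(tok in f[1] for f in findings):
            findings.append(("high_entropy", tok))
    return findings

def scan(lines) -> list:
    """Scan all lines, returning (line_number, rule, secret) tuples."""
    return [(i + 1, rule, val) for i, line in enumerate(lines) for rule, val in scan_line(line)]

if __name__ == "__main__":
    for lineno, rule, val in scan(SAMPLE_LINES):
        print(f"line {lineno}: {rule}: {val}")
```

The placeholder line shows why the entropy check matters: a long token alone is not evidence of a secret, and a prefix regex alone would miss the unprefixed hex token.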