Keeping hardcoded secrets in your code or other assets of your organization is a vulnerability that may lead to exploitation. Spectral Secrets scanning helps you avoid hardcoding and sharing secrets in your assets with over 2500 built-in rules covering certificates, PEM files, API keys, passwords and much more.
Running Spectral secret scan is easy:
If you'd like to see more results to maximize coverage:
spectral scan --include-tags base,audit,audit3
You can write your own custom rules to catch secrets we don't yet support or secrets that are specific to your domain. To learn how to write your own rules, take a look here. For centralized custom rules, read here.
Updated 12 months ago