Secrets Scanning

Keeping hardcoded secrets in your code or in other assets of your organization is a vulnerability that can lead to exploitation. Spectral secrets scanning helps you avoid hardcoding and sharing secrets in your assets, using over 2500 built-in rules that cover certificates, PEM files, API keys, passwords and much more.

Running Spectral secret scan is easy:

spectral scan

If you'd like to see more results and maximize coverage:

spectral scan --include-tags base,audit,audit3

You can write your own custom rules to catch secrets we don't yet support, or secrets that are specific to your domain. To learn how to write your own rules, take a look here. For centralized custom rules, read here.
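As an added illustration (not Spectral's own code or rule format), the Python below models how a tag-based secret scanner works: each rule is a pattern plus tags, opting into an `audit` tier adds noisier heuristics on top of the `base` tier, and reports redact the matched value. The rule names, patterns and the sample file are constructed for this example.

```python
import re
from dataclasses import dataclass

# Hypothetical rules for this illustration; tag names mirror the idea of
# "base" / "audit" tiers but these are not Spectral's own rule set.
@dataclass(frozen=True)
class Rule:
    rule_id: str
    tags: frozenset
    pattern: re.Pattern

RULES = [
    # Low false-positive rules belong in the default "base" tier.
    Rule("PEM_PRIVATE_KEY", frozenset({"base"}),
         re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    Rule("AWS_ACCESS_KEY_ID", frozenset({"base"}),
         re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    # Noisier heuristics go into an opt-in "audit" tier (more coverage, more noise).
    Rule("GENERIC_PASSWORD", frozenset({"audit"}),
         re.compile(r"(?i)password\s*[:=]\s*[\"'][^\"']{6,}[\"']")),
]

@dataclass(frozen=True)
class Finding:
    rule_id: str
    line_no: int
    excerpt: str  # matched value replaced, so a report never echoes the secret

def scan_text(text, include_tags=("base",)):
    """Return findings from rules whose tags intersect include_tags."""
    wanted = set(include_tags)
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule in RULES:
            if not rule.tags & wanted:
                continue
            m = rule.pattern.search(line)
            if m:
                excerpt = line[:m.start()] + "<redacted>" + line[m.end():]
                findings.append(Finding(rule.rule_id, line_no, excerpt.strip()))
    return sorted(findings, key=lambda f: (f.line_no, f.rule_id))

# Constructed sample file; the AWS value is the well-known documentation placeholder.
SAMPLE = """\
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
db_password = "s3cr3t-passw0rd"
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
api_password = os.environ["API_PASSWORD"]  # remediated: read from the environment
"""
```

Running `scan_text(SAMPLE)` reports only the two base-tier hits, while `scan_text(SAMPLE, ("base", "audit"))` also flags the literal password, which is the same coverage-versus-noise trade-off that including extra rule tags makes.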