Releases: AMOSFinds/secrets-scanner
Secrets Scanner v1.1.0 — Community Feedback Release
New Features
Generic JWT & Password Detection
The scanner now detects:
- JWTs (header.payload.signature)
- generic API tokens
- accidental plaintext passwords
- suspicious KEY=value patterns
- high-entropy secrets
This closes a major gap in early provider-pattern–only scanners.
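A sketch of how generic detection of this kind can work, added here as an illustration and not taken from the secrets-scanner code base: the regexes, the keyword list, the entropy thresholds and all function names are assumptions, and the sample input is constructed.

```python
import base64, json, math, re

# A JWT header is base64url of a JSON object, so it starts with "eyJ".
JWT_RE = re.compile(r"\beyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{4,}\.[A-Za-z0-9_-]*")
# NAME=value where NAME hints at a credential (the keyword list is an assumption).
KV_RE = re.compile(r"(?i)\b([A-Z0-9_]*(?:KEY|TOKEN|SECRET|PASSWORD|PASSWD)[A-Z0-9_]*)"
                   r"\s*[=:]\s*['\"]?([^\s'\"]{6,})")

def shannon_entropy(s):
    """Bits per character; random tokens score high, words and repeats low."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def decode_segment(segment):
    """Return the JSON value inside a base64url segment, or None if it is not JSON."""
    try:
        return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None

def redact(value):
    return value[:4] + "*" * 8  # short prefix only, so reports do not re-leak the secret

def scan_line(line, min_len=20, min_entropy=4.0):  # thresholds are assumptions
    findings, jwt_spans = [], []
    for m in JWT_RE.finditer(line):
        header = decode_segment(m.group(0).split(".")[0])
        if isinstance(header, dict) and "alg" in header:  # structural check cuts false positives
            findings.append(("jwt", redact(m.group(0))))
            jwt_spans.append(m.span())
    for m in KV_RE.finditer(line):
        name, value = m.group(1).upper(), m.group(2)
        if any(start <= m.start(2) < end for start, end in jwt_spans):
            continue  # already reported as a JWT
        if "PASSWORD" in name or "PASSWD" in name:
            findings.append(("password", redact(value)))
        elif len(value) >= min_len and shannon_entropy(value) >= min_entropy:
            findings.append(("high-entropy", redact(value)))
    return findings

# Constructed sample input, not real credentials.
SAMPLE_JWT = ".".join(
    base64.urlsafe_b64encode(json.dumps(part).encode()).rstrip(b"=").decode()
    for part in ({"alg": "HS256", "typ": "JWT"}, {"sub": "demo"})) + ".c2lnbmF0dXJl"
SAMPLES = [f"AUTH_TOKEN={SAMPLE_JWT}", "DB_PASSWORD=hunter2-dev",
           "API_KEY=9fQ2xL7vRb3TzK8mWc5YhN1dPj6Gs0Ae", "API_KEY=changeme-changeme-changeme",
           'version = "eyJunkjunkjunkjunk.abcd.efgh"']

if __name__ == "__main__":
    print(*map(scan_line, SAMPLES), sep="\n")
```

The last two samples produce no findings: a repeated placeholder value falls below the entropy threshold, and an `eyJ`-prefixed string whose header does not decode to a JSON object with an `alg` field is not treated as a JWT.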
.secrets-policy.json Support
Per-repo configuration is now supported:
{
  "ignore_patterns": ["tests/**"],
  "fail_on_severity": ["HIGH"],
  "false_positives": {
    "env/dev.env": ["12345-fake"]
  }
}
Supports:
- ignore patterns
- custom failure thresholds
- false-positive exceptions
- local overrides
SARIF Output
Generate SARIF for GitHub / GitLab / CI dashboards:
python -m app.cli --all --sarif results.sarif
Cleaner CLI & UX Improvements
- Redacted snippets
- Better severity handling
- Better exit codes for CI
- Baseline mode enhancements
Installation
git clone https://github.com/AMOSFinds/secrets-scanner
cd secrets-scanner
python -m app.cli --staged
Links
Repo: https://github.com/AMOSFinds/secrets-scanner
Live UI Demo: https://secrets-scanner-jlw2.onrender.com/
Feedback Welcome
If you have ideas or want to propose detection patterns, policy features, or integrations, PRs and discussions are open!
v0.1.0 – Local CLI & Pre-Commit
First public release of Secrets Scanner
- Web UI + OAuth + Slack alerts
- Local CLI & pre-commit prevention
- Config support (.secrets-scanner.json)
- Improved default excludes