How to run Secret Scan

Modified on Fri, 31 May at 9:54 PM

Introduction


Secret scanning tools comb through codebases, detecting patterns and signatures associated with known secrets, and alerting developers to potential vulnerabilities.  


This guide details how to initiate and complete a secret scan on the platform.


Prerequisites:


  1. You should be signed in to CloudDefense.ai. If not, please refer to our guide on creating a CloudDefense.ai account.


  • CloudDefense CLI 

  • Gitleaks


Steps


To scan for secrets, pass the “--no-git” flag to the CLI, for example:


cdefense full --api-key=6262fe7f-1434-2711-78fa-268ce4187339 --path=/opt/secretsandstuff --project-name=leaks --no-git


In the above command, we pass our API key, the path of the project to scan, and --no-git to include secret scans.


Once the scan finishes, we can view the data in the UI.


Once expanded, we can see our data.
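
To illustrate the pattern-based detection described in the introduction, the added example below (not CloudDefense.ai or Gitleaks code) scans a directory tree as plain files and reports redacted findings. The rule names, regular expressions and sample files are assumptions constructed for this example.

```python
import re
import tempfile
from pathlib import Path

# Illustrative rules (assumptions for this example, not the tool's rule set).
RULES = {
    "aws-access-key-id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "generic-api-key": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token)\b\s*[:=]\s*['\"]?([A-Za-z0-9_\-]{20,})"),
}

def redact(value, keep=4):
    """Keep only the first characters so the report does not leak the secret."""
    return value[:keep] + "*" * (len(value) - keep)

def scan_file(path):
    """Return (rule, line number, redacted match) for each hit in one file."""
    try:
        text = path.read_text(encoding="utf-8")
    except (UnicodeDecodeError, OSError):
        return []  # skip binary or unreadable files
    return [(rule, lineno, redact(m.group(1)))
            for lineno, line in enumerate(text.splitlines(), start=1)
            for rule, pattern in RULES.items()
            for m in pattern.finditer(line)]

def scan_tree(root):
    """Scan a directory as plain files, without reading git history."""
    results = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and ".git" not in path.parts:
            hits = scan_file(path)
            if hits:
                results[path.relative_to(root).as_posix()] = hits
    return results

def demo():
    """Scan a constructed sample tree; every value in it is fake."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app").mkdir()
        (root / "app" / "settings.py").write_text(
            'DEBUG = True\nAWS_KEY = "AKIAIOSFODNN7EXAMPLE"\n')
        (root / "deploy.env").write_text("API_KEY=abcdEFGH1234ijklMNOP5678\n")
        (root / "README.md").write_text("No secrets here.\n")
        return scan_tree(root)

if __name__ == "__main__":
    for name, hits in demo().items():
        print(name, hits)
```

Findings are redacted before they are reported so that the scan output itself does not become another place where the secret is stored.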
