credential digger v4.9 releases: identifies hardcoded credentials
Credential Digger
Credential Digger is a GitHub scanning tool that identifies hardcoded credentials (passwords, API keys, secret keys, tokens, personal information, etc.), filtering out false positives with machine learning models. It supports Python 3.6 and works only on Linux systems.
Architecture
Credential Digger finds credentials hardcoded in a repository. The tool is composed of:
- Postgres database
- Python client
- User interface
Database
The database is structured in the following way (arrows point to foreign keys).
Project structure
The project includes 3 components: a db (sql folder), a client (credentialdigger folder), and a user interface (ui folder).
sql
create_table.sql defines the db schema.
Note that, given the file_name and commit_hash of a discovery, both the commit and the file can be accessed at the following addresses:
REPO_URL/commit/COMMIT_HASH
REPO_URL/blob/COMMIT_HASH/file_name
credentialdigger
This client can be used to easily interact with the db. It offers a scanner for git repositories based on Hyperscan (other scanners can be implemented). Please note that the database must be up and running.
ui
The user interface can be used to easily perform scans and flag the discoveries.
Changelog v4.9
New features
- Add the possibility of scanning pull requests with the scan_pull_request method. All the new lines introduced (i.e., either added or modified) will be scanned.
- Integrate the new features in the CLI with the scan_pr command.
- Write tests and add documentation for the new features.
Install & Use
Copyright (C) 2020 SAP