credential digger v4.8 releases: identifies hardcoded credentials
Credential Digger is a GitHub scanning tool that identifies hardcoded credentials (Passwords, API Keys, Secret Keys, Tokens, personal information, etc), filtering the false positive data through machine learning models. It supports Python 3.6 and works only with LINUX systems.
Credential Digger finds credentials hardcoded in a repository. The tool is composed of:
- Postgres database
- Python client
- User interface
The database is structured in the following way (arrows point to foreign keys).
The project includes 3 components: a db (sql folder), a client (credentialdigger folder), and a user interface (ui folder).
create_table.sql defines the db schema.
Note that, given the file_name and commit_hash of discovery, both the commit and the file can be accessible at addresses:
This client can be used to easily interact with the db. It offers a scanner for git repositories, based on Hyperscan (others can be implemented). Please note that the database must be up and running.
The user interface can be used to easily perform scans and flag the discoveries.
- A first version of pre-commit hook is released. The hook can be installed (also via pre-commit framework) or run as CLI.
- SqliteClient supports paths containing
credentialdiggercan now be run as a command, without the
Copyright (C) 2020 SAP