Secret Scanning

Secret scanning detects accidentally committed secrets like API keys and passwords in code repositories.

What is Secret Scanning?

Secret scanning automatically detects hardcoded secrets like API keys, passwords, tokens, and private keys in source code repositories, preventing credential exposure.

Secret Scanning Features

Pattern detection, push prevention, alert notification, and automatic revocation partnerships.

Common Misconceptions

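  • "Scanning after commit is enough" - Pre-commit hooks are better: they catch a secret before it is committed.
  • "Private repos don't need scanning" - Insiders and breaches can still expose secrets in private repositories.
  • "Removing a secret from code removes it" - Git history retains the secret in earlier commits.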
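
The pattern detection, pre-commit checking and history retention described above can be seen together in a small scanner. This is an added example, not code from any particular scanning product: the rule set, the function names and the two sample commits are constructed for illustration, and the input is assumed to be git-format unified diff text.

```python
import re

# Illustrative rules only; production scanners ship far larger, provider-specific rule sets.
RULES = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "hardcoded-credential": re.compile(
        r"(?i)(?:password|passwd|secret|token|api_key)\w*\s*[:=]\s*['\"][^'\"]{8,}['\"]"),
}
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

def scan_diff(diff_text):
    """Return (path, new_line_no, rule) for each added line that matches a rule."""
    findings, path, line_no, in_hunk = [], None, 0, False
    for line in diff_text.splitlines():
        if line.startswith("diff --git "):
            in_hunk = False                      # a new file header follows
        elif not in_hunk and line.startswith("+++ "):
            path = line[4:].removeprefix("b/")
        elif (m := HUNK.match(line)):
            in_hunk, line_no = True, int(m.group(1))
        elif in_hunk and line.startswith("+"):   # added line: the only kind a push can leak
            findings += [(path, line_no, name) for name, rx in RULES.items() if rx.search(line[1:])]
            line_no += 1
        elif in_hunk and line.startswith(" "):   # context line advances the new-file counter
            line_no += 1
    return findings                              # rule names only; matched values are never echoed

def scan_history(commits):  # every diff, not only the tip: removed secrets stay in old diffs
    return {sha: hits for sha, diff in commits.items() if (hits := scan_diff(diff))}

# Constructed sample history (the key is AWS's documented example value).
COMMIT_1 = """diff --git a/config.py b/config.py
--- /dev/null
+++ b/config.py
@@ -0,0 +1,3 @@
+import os
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+db_password = "correct-horse-battery"
"""
COMMIT_2 = """diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,3 +1,3 @@
 import os
-AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
-db_password = "correct-horse-battery"
+AWS_KEY = os.environ["AWS_KEY"]
+db_password = os.environ["DB_PASSWORD"]
"""
HISTORY = {"c1-constructed": COMMIT_1, "c2-constructed": COMMIT_2}
```

In a pre-commit hook the same `scan_diff` would be fed the output of `git diff --cached`, rejecting the commit when it returns findings. Scanning `HISTORY` still reports the first commit even though the second one removed both values, which is why a leaked credential has to be revoked rather than only deleted from the file.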