Secret Detector

Gold CertifiedTLP:CLEAR

Automatically detect and prevent secrets from being committed to your repository.

by DCYFRv1.2.012.5k downloadsUpdated February 20, 2026

About

Secret Detector is a comprehensive security tool that scans your codebase for exposed secrets, API keys, credentials, and sensitive data patterns.

It provides real-time detection with 200+ built-in patterns for common secrets, custom rule support, pre-commit hooks, entropy analysis, and allowlisting for false positives.

Install the plugin via the DCYFR CLI, configure patterns in .secretdetector.json, run scans manually or enable automatic scanning, review and fix detected secrets, and add allowlist entries for false positives.

Features

Real-time secret detection
200+ built-in detection patterns
Custom pattern support
Git pre-commit integration
Entropy analysis
Allowlisting for false positives
CI/CD pipeline integration
Detailed reporting

Software Bill of Materials (SBOM)

Last scanned: February 28, 2026

No vulnerabilities detected

Package	Version	License
fast-glob	3.3.2	MIT
micromatch	4.0.5	MIT
chalk	5.3.0	MIT
zod	3.22.4	MIT

Audit History

Security AuditFebruary 10, 2026

DCYFR Security Team • 0 findings

PASS

Code ReviewJanuary 15, 2026

External Auditor • 2 findings

PASS

Certification RenewalDecember 1, 2025

DCYFR Cert Authority • 0 findings

PASS

Penetration TestSeptember 20, 2025

SecureAudit Inc. • 1 finding

PASS