Technology Radar
Published : Apr 26, 2023
NOT ON THE CURRENT EDITION
This blip is not on the current edition of the Radar. If it was on one of the last few editions, it is likely that it is still relevant. If the blip is older, it might no longer be relevant and our assessment might be different today. Unfortunately, we simply don't have the bandwidth to continuously review blips from previous editions of the Radar.
Understand more
Apr 2023
Trial
Gitleaks 是一个开源 SAST(静态应用安全测试)命令行工具,用于检测 Git 仓库以防止把密码、API 密钥和访问令牌等机密信息硬编码到代码中。它可以用于 Git 的 pre-commit hook 和 CI/CD 流水线。我们团队发现,Gitleaks 比其他一些密码扫描工具更灵敏。Gitleaks 使用正则表达式和 entropy coding 字符串编码检测机密信息。在我们的经验中,entropy coding 提供了灵活的自定义正则表达式,允许团队基于他们的需求对机密信息进行更好的分类。例如,相较于把所有的API密钥笼统地归类为“通用型 API 密钥”,entropy coding 允许把密钥归类到“云服务提供商密钥”这种特定分类中。
