Deepfence SecretScanner

Find secrets and passwords in container images and file systems.

SecretScanner

A standalone tool that retrieves and searches container and host filesystems, matching the contents against a database of approximately 140 secret types.

Secrets are any kind of sensitive or private data that gives authorized users permission to access critical IT infrastructure (such as accounts, devices, networks, and cloud-based services), applications, storage, databases, and other kinds of critical data for an organization. Examples include passwords, AWS access IDs, AWS secret access keys, and Google OAuth keys.

Deepfence SecretScanner helps users scan their container images or local directories on hosts and outputs a JSON file with details of all the secrets found.

Use SecretScanner if you need a lightweight, efficient method to scan container images and filesystems for possible secrets (keys, tokens, passwords).


Quick Start

Install Docker and run SecretScanner on a container image using the following instructions:

  • Build SecretScanner: ./bootstrap.sh; docker build -t deepfenceio/deepfence_secret_scanner:latest -f Dockerfile .
  • Or, pull the latest build from Docker Hub: docker pull deepfenceio/deepfence_secret_scanner:latest
  • Pull a container image for scanning: docker pull node:8.11
  • Scan the container image: docker run -it --rm --name deepfence-secretscanner -v $(pwd):/home/deepfence/output -v /var/run/docker.sock:/var/run/docker.sock deepfenceio/deepfence_secret_scanner:latest -image-name node:8.11

The scan command mounts the current directory at /home/deepfence/output and mounts the host's Docker socket (/var/run/docker.sock) into the container, which gives the scanner container access to the local Docker daemon.

Credits

Built upon the configuration file from the shhgit project.
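
The shhgit configuration credited above describes each secret type as a signature: the part of a file to test (extension, filename, path or contents) plus either an exact match or a regex. The Python below is an added example, not SecretScanner's own code: it applies three constructed, simplified signatures in that layout to a constructed sample directory, and the names scan_tree and demo are hypothetical.

```python
import os
import re
import tempfile

# Constructed signatures in the shhgit layout; not entries from SecretScanner's database.
SIGNATURES = [
    {"part": "extension", "match": ".pem", "name": "Potential cryptographic private key"},
    {"part": "filename", "regex": r"^\.?(bash_|zsh_)?history$", "name": "Shell command history file"},
    {"part": "contents", "regex": r"AKIA[A-Z0-9]{16}", "name": "AWS access key ID"},
]

def scan_tree(root, signatures=SIGNATURES, max_bytes=1_000_000):
    """Walk `root`; return one finding per (file, signature) hit."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            rel = os.path.relpath(os.path.join(dirpath, fname), root)
            try:
                with open(os.path.join(root, rel), "rb") as fh:
                    text = fh.read(max_bytes).decode("utf-8", errors="replace")
            except OSError:
                continue  # unreadable file: skip it, keep scanning
            parts = {"extension": os.path.splitext(fname)[1], "filename": fname,
                     "path": rel, "contents": text}
            for sig in signatures:
                # `match` is an exact comparison; `regex` is a search.
                pattern = sig.get("regex") or r"\A" + re.escape(sig["match"]) + r"\Z"
                m = re.search(pattern, parts[sig["part"]])
                if m:
                    # Keep only a prefix so the report does not store the secret.
                    findings.append({"file": rel, "rule": sig["name"],
                                     "part": sig["part"], "match": m.group(0)[:8] + "..."})
    return findings

def demo():
    """Scan a constructed sample tree; return sorted (file, rule) pairs."""
    samples = {"app/config.env": "AWS_KEY=AKIA" + "A" * 16 + "\n",
               "certs/server.pem": "constructed placeholder, not a key\n",
               ".bash_history": "ls -la\n", "README.txt": "nothing here\n"}
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(body)
        return sorted((f["file"], f["rule"]) for f in scan_tree(root))

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Two of the three hits come from the file name alone, which is why this style of scanner flags key files and shell histories even when their contents match no pattern.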


Get in touch

Thank you for using SecretScanner.

  • Start with the documentation
  • Got a question, need some help? Find the Deepfence team on Slack
  • Got a feature request or found a bug? Raise an issue
  • Found a security issue? Share it in confidence



