detect-secrets
« Back to VersTracker
Description:
Enterprise friendly way of detecting and preventing secrets in code
Type: Formula  |  Latest Version: 1.5.0@5  |  Tracked Since: Dec 17, 2025
Links: Homepage  |  formulae.brew.sh
Category: Security
Tags: security secret-detection devops python ci-cd
Install: brew install detect-secrets
About:
detect-secrets is a Python-based tool designed to scan codebases for hardcoded secrets like passwords, API keys, and tokens. It uses a plugin-driven framework with heuristics to identify potential leaks while minimizing false positives. The tool integrates into CI/CD pipelines to prevent new secrets from being committed, supporting a baseline feature to manage existing findings.
Key Features:
  • Plugin-driven architecture for customizable secret detection
  • Baseline feature to audit and ignore pre-existing secrets
  • Auditor support for manual review and validation of findings
  • Pre-commit hooks for preventing secrets in version control
Use Cases:
  • Scanning repositories for accidental secret exposure during development
  • Integrating into CI/CD pipelines for automated security checks
  • Auditing legacy codebases to identify and remediate hardcoded credentials
Alternatives:
  • truffleHog – detect-secrets focuses on customizable heuristics and baselines for reduced false positives, while truffleHog offers entropy-based scanning with broader regex patterns.
  • gitleaks – detect-secrets is Python-native and CI-focused, whereas gitleaks is Go-based and excels at Git history scanning.
License: Apache-2.0
Dependencies: certifi, libyaml, python@3.14
Bottles available for: arm64_tahoe, arm64_sequoia, arm64_sonoma, sonoma, arm64_linux, x86_64_linux
Version History
Detected Version Rev Change Commit
Sep 15, 2025 8:34am 4 VERSION_BUMP 2a5fda60
Oct 12, 2024 11:15am 2 VERSION_BUMP 66b1584b
Sep 12, 2024 4:54pm 2 VERSION_BUMP 6b2fb7e3
« Back to VersTracker  |  Browse Packages  |  About