📄️ Gitleaks
Gitleaks is a SAST tool for detecting and preventing hardcoded secrets like passwords, API keys, and tokens in git repos. Gitleaks is an easy-to-use, all-in-one solution for detecting secrets, past or present, in your code.
📄️ Grype
Grype is a vulnerability scanner for container images and filesystems.
📄️ Snyk
Snyk CLI scans and monitors your projects for security vulnerabilities.
📄️ Syft
Syft is a powerful and easy-to-use open-source tool for generating Software Bill of Materials (SBOMs) for container images and filesystems. It provides detailed visibility into the packages and dependencies in your software, helping you manage vulnerabilities, license compliance, and software supply chain security.
📄️ Trivy
Trivy is a comprehensive and versatile security scanner. Trivy has scanners that look for security issues, and targets where it can find those issues.
📄️ TruffleHog
TruffleHog is an open-source secret scanning engine that detects and helps resolve exposed secrets across your entire tech stack.