Amidst the chaos of 2020, shhbt, my first open source project, was released!
I was fortunate enough to be working on this project in my application security team, and the tool empowers developers to configure a proactive secret scanner at the repository level.
This is a key factor, considering other similar solutions. Another key factor is the fact that keys and secrets can be added or removed as the developer sees fit, thus creating a mechanism to significantly reduce the number of false positives.
The full story was written up in the Today Software Magazine article that came out today. If you’re looking for more details, you can find them there, namely the full motivation, how it works, future steps and improvements, etc.
If you would like to take a look at the source code, and maybe help out feature-wise, please check the repository at https://github.com/paddypowerbetfair/shhbt.
Thank you for taking the time to read. I’ll see you next time.

gsilvapt