Skip to content

Add secrets-scanner plugin for detecting leaked credentials #3

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
vredchenko wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

Add secrets-scanner plugin for detecting leaked credentials #3

vredchenko wants to merge 1 commit into from
+2,365 −0

Conversation

@vredchenko
Copy link
Owner

@vredchenko vredchenko commented Feb 2, 2026

Summary

This PR introduces a new secrets-scanner plugin that provides comprehensive capabilities for detecting leaked secrets and credentials in codebases using three industry-leading tools: gitleaks, git-secrets, and TruffleHog.

Key Changes

  • Plugin Registration: Added secrets-scanner entry to .claude-plugin/marketplace.json

  • Plugin Metadata: Created plugins/secrets-scanner/.claude-plugin/plugin.json with plugin configuration

  • Comprehensive Documentation: Added detailed README covering:

    • Overview of all three supported tools with feature comparison
    • Quick start guide for installation and scanning
    • Recommended security strategy (layered approach)
    • Configuration examples for each tool
    • Version information and resource links

  • Command Documentation: Created detailed guides for 8 commands:

    • /secrets-scanner:scan-gitleaks - Scan with gitleaks
    • /secrets-scanner:scan-git-secrets - Scan with git-secrets
    • /secrets-scanner:scan-trufflehog - Scan with TruffleHog
    • /secrets-scanner:scan-all - Run all three tools for maximum coverage
    • /secrets-scanner:compare - Compare tools to help choose the right one
    • /secrets-scanner:ci-setup - Set up GitHub Actions workflows
    • /secrets-scanner:install - Install the scanning tools
    • /secrets-scanner:configure - Configure custom rules and allowlists

Notable Implementation Details

  • Tool Comparison: Detailed feature matrix comparing gitleaks (MIT, highly customizable), git-secrets (Apache 2.0, AWS-focused), and TruffleHog (AGPL-3.0, unique verification capability)
  • Layered Security Strategy: Recommends pre-commit hooks (git-secrets), CI/CD scanning (gitleaks with SARIF), and periodic audits (TruffleHog with verification)
  • CI/CD Integration: Multiple GitHub Actions workflow examples from basic to comprehensive multi-tool setup
  • Configuration Guidance: Extensive examples for .gitleaks.toml, git config patterns, and TruffleHog exclusions
  • Installation Instructions: Platform-specific installation methods (macOS/Homebrew, Linux/binary, Docker) for all three tools
  • Execution Workflows: Step-by-step guidance for each command with practical examples and troubleshooting tips

This plugin enables developers and security teams to choose the right secret scanning tool(s) for their needs and provides complete guidance for installation, configuration, and CI/CD integration.

https://claude.ai/code/session_01VeM4EmjpXmxfcjML4hKRFA

@claude
Add secrets-scanner plugin for detecting leaked credentials
2a0573e 
This plugin provides comprehensive knowledge and capabilities for:
- Scanning repositories with gitleaks, git-secrets, and TruffleHog
- Setting up CI/CD pipelines (GitHub Actions) to guard against secret leaks
- Comparing tools to choose the right one for specific use cases
- Configuring custom detection rules and allowlists

Commands added:
- scan-gitleaks: Scan with gitleaks
- scan-git-secrets: Scan with AWS git-secrets
- scan-trufflehog: Scan with TruffleHog (includes verification)
- scan-all: Comprehensive scan with all three tools
- compare: Tool comparison guide
- ci-setup: GitHub Actions workflow setup
- install: Installation instructions
- configure: Configuration guide

Documentation includes:
- CLI references for all three tools
- Version info (gitleaks v8.30.0, trufflehog v3.92.5)
- Links to repos, releases, and official docs

https://claude.ai/code/session_01VeM4EmjpXmxfcjML4hKRFA
@vredchenko vredchenko marked this pull request as draft February 2, 2026 01:25
@vredchenko vredchenko mentioned this pull request Feb 7, 2026
Open
18 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vredchenko @claude