Closed nickpadovani closed 2 months ago
I think the objective of this tool is for development environments, where secrets are known to the same people who will get the results from the tool. Anyway, some kind of redaction dictionary functionality would be good.
To preface: this tool is awesome. However, a suggestion for improvement: it seems the app properly recognizes authorization / security schemes based on:
However, I think that, given it recognizes this, it should obfuscate, omit, or remove the actual secret it intercepts (in this case a bearer token):
Assuming someone had GHAS or other security scanning turned on, it would get caught, but if someone blindly committed the output documentation and didn't have this kind of scanning, they could have a bad time (especially in a public repo).
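As an added example of what the redaction requested above and the "redaction dictionary" from the earlier comment could look like (this is illustrative code written for this thread, not the tool's own code; the captured-request shape, the header and key lists, and the `<redacted>` placeholder are all assumptions), the block below redacts recognized credentials while keeping the scheme visible so the generated docs still show `Bearer`/`Basic`/cookie names, replaces any string from a user-supplied secret dictionary, and finishes with a scan for well-known token shapes as a last check before the output is committed:

```python
"""Redact credentials from a captured HTTP request before it is written into
generated API docs, then scan the result for leaked token shapes.
Added example for this issue; not the tool's own code. The request shape
(a dict with headers/query/body) is an assumption for illustration."""
import json
import re
from typing import Any, Iterable

REDACTED = "<redacted>"

# Headers whose whole value is a credential (compared case-insensitively).
SECRET_HEADERS = {"authorization", "proxy-authorization", "x-api-key", "x-auth-token"}
# Query-string / JSON keys that usually carry a credential.
SECRET_KEYS = {"access_token", "api_key", "apikey", "token", "password", "client_secret"}

# RFC 7235 credentials look like "<scheme> <credential>": keep the scheme, drop the rest.
_AUTH_SCHEME = re.compile(r"^\s*(Bearer|Basic|Digest|Token)\s+\S.*$", re.IGNORECASE)

# Well-known credential shapes for a final scan: JWTs, GitHub tokens, AWS access key IDs.
_LEAK_PATTERNS = {
    "jwt": re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}


def redact_header(name: str, value: str) -> str:
    """Redact one header value, preserving the auth scheme and cookie names."""
    lname = name.lower()
    if lname in ("cookie", "set-cookie"):
        parts = []
        for pair in value.split(";"):
            key, sep, _ = pair.strip().partition("=")
            parts.append(f"{key}={REDACTED}" if sep else key)
        return "; ".join(parts)
    if lname in SECRET_HEADERS:
        m = _AUTH_SCHEME.match(value)
        return f"{m.group(1)} {REDACTED}" if m else REDACTED
    return value


def redact_structured(value: Any) -> Any:
    """Walk JSON-like data and redact values stored under credential-looking keys."""
    if isinstance(value, dict):
        return {k: (REDACTED if k.lower() in SECRET_KEYS else redact_structured(v))
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact_structured(v) for v in value]
    return value


def apply_dictionary(value: Any, secrets: Iterable[str]) -> Any:
    """Redaction dictionary: replace every occurrence of a known secret string anywhere
    in the capture. Longest secrets go first so a prefix of another secret never leaks."""
    known = sorted({s for s in secrets if s}, key=len, reverse=True)

    def walk(v: Any) -> Any:
        if isinstance(v, dict):
            return {k: walk(x) for k, x in v.items()}
        if isinstance(v, list):
            return [walk(x) for x in v]
        if isinstance(v, str):
            for s in known:
                v = v.replace(s, REDACTED)
        return v

    return walk(value)


def redact_request(req: dict, secrets: Iterable[str] = ()) -> dict:
    """Apply header, structured-key and dictionary redaction to one captured request."""
    out = dict(req)
    out["headers"] = {n: redact_header(n, v) for n, v in req.get("headers", {}).items()}
    out["query"] = redact_structured(req.get("query", {}))
    out["body"] = redact_structured(req.get("body"))
    return apply_dictionary(out, secrets)


def leaks_in_capture(capture: dict) -> list:
    """Last check before committing generated docs: (kind, match) pairs still present."""
    text = json.dumps(capture)
    return [(kind, m.group(0)) for kind, rx in _LEAK_PATTERNS.items() for m in rx.finditer(text)]


# Constructed sample capture (fake JWT, fake cookie and fake AWS-style key), not real traffic.
SAMPLE_REQUEST = {
    "method": "POST",
    "path": "/v1/orders",
    "headers": {
        "Authorization": "Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZXYifQ.c2lnbmF0dXJl",
        "Cookie": "session=abc123; theme=dark",
        "Content-Type": "application/json",
    },
    "query": {"api_key": "AKIAEXAMPLEEXAMPLE12", "page": "2"},
    "body": {"item": "widget", "password": "hunter2", "note": "db pass is s3cr3t-db-pass"},
}

if __name__ == "__main__":
    clean = redact_request(SAMPLE_REQUEST, secrets=["s3cr3t-db-pass"])
    print(json.dumps(clean, indent=2))
    print("leaks before:", leaks_in_capture(SAMPLE_REQUEST))
    print("leaks after:", leaks_in_capture(clean))
```

The scheme is kept on purpose: the generated documentation still tells a reader that the endpoint takes `Bearer` credentials, which is the useful part, while the token itself never reaches the output file. The final pattern scan is a safety net for values that slipped past the header and key rules, not a substitute for them; it only knows the token shapes listed in `_LEAK_PATTERNS`.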