Closed Gby56 closed 8 months ago
Hi @Gby56, could you please explain what you mean by "validity checking of detected secrets"?
Hi ! Something like Trufflehog's checks, most of them seem to be pure HTTP requests to use the token and see if it's still valid https://github.com/trufflesecurity/trufflehog/blob/main/pkg/detectors/slack/slack.go#L91
@Gby56 detect-secrets does do secret verification: https://github.com/Yelp/detect-secrets/blob/master/docs/plugins.md#Verified-Secrets Not all the plug-ins have implemented it, not as many as Trufflehog, but it wouldn't be very difficult for people to add more; the plugin framework supports it.
Thank you @gpflaum for helping out answering this issue :)
Thank you both ! :)
Just a quick question, are there any plans to implement validity checking of detected secrets ?