Prevent credential leaks before they happen. Scan your code for exposed secrets in seconds.

A lightweight, privacy-first secrets scanner that runs entirely in your browser. Detect API keys, passwords, tokens, and other sensitive credentials before they leak into your repository.

79% of developers have accidentally committed secrets to repositories - and it only takes minutes for automated bots to discover and exploit them.

GitGuard helps you:

• ✅ Catch secrets before they're committed
• ✅ Scan code locally with zero data transmission
• ✅ Support 50+ credential types and platforms
• ✅ Export findings for compliance reports
• ✅ No installation or setup required

Visit: https://yourusername.github.io/gitguard

git clone https://github.com/yourusername/gitguard.git
cd gitguard
open index.html

# GitHub Actions example
- name: Scan for secrets
  run: |
    curl -o scanner.html https://raw.githubusercontent.com/yourusername/gitguard/main/index.html
    # Add headless browser scanning

Copy and paste code from any file, commit, or configuration

Drag and drop multiple files (.env, .js, .py, .yml, etc.)

See detected secrets organized by severity with exact line numbers

Download findings as JSON or CSV for documentation

• MySQL connection strings
• PostgreSQL URLs
• MongoDB connection strings
• Redis passwords
• Database passwords

• JWT tokens
• OAuth tokens
• Session tokens
• API authentication headers
• Bearer tokens

• RSA private keys
• EC private keys
• OpenSSH private keys
• PGP private keys
• Certificate files

• NPM tokens
• PyPI tokens
• Docker Hub tokens
• Maven credentials
• Composer auth tokens

• Facebook access tokens
• Twitter API keys
• LinkedIn tokens
• Instagram tokens

Total: 50+ Detection Patterns

• ✅ 100% Client-Side - Your code never leaves your browser
• ✅ No Server - Nothing is uploaded or stored
• ✅ No Analytics - We don't track anything
• ✅ No Accounts - Use immediately, no sign-up

• 🔍 Regex Patterns - Industry-standard detection rules
• 🎯 Context-Aware - Reduces false positives
• 📊 Severity Ratings - Critical, High, Medium, Low
• 🔢 Line Numbers - Exact location of each finding

• 💻 Multiple Input Methods - Paste, upload, or drag-and-drop
• 📁 Multi-File Support - Scan entire directories
• 📤 Export Options - JSON and CSV formats
• 🎨 Clean Interface - Intuitive and professional

• 👁️ Blur by Default - Secrets are hidden until revealed
• 🚨 Instant Alerts - Critical findings highlighted
• 📋 Copy Protection - Easy to copy for rotation
• 🔒 No History - Scans are not logged

// ❌ CRITICAL - AWS Credentials Detected
const AWS_ACCESS_KEY = "AKIAIOSFODNN7EXAMPLE";
const AWS_SECRET_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY";

// ❌ CRITICAL - Stripe Secret Key
const stripe = require('stripe')('sk_live_4eC39HqLyjWDarjtT1zdp7dc');

// ❌ HIGH - Database Connection String
const DB_URL = "postgres://admin:password123@localhost:5432/mydb";

// ❌ HIGH - OpenAI API Key
const openai = new OpenAI({ apiKey: 'sk-proj-abc123xyz789' });

// ✅ SAFE - Environment Variable Reference
const apiKey = process.env.API_KEY;

1. Never commit secrets to version control
2. Use environment variables for all credentials
3. Scan before committing with pre-commit hooks
4. Rotate immediately if a secret is exposed
5. Use secret managers (AWS Secrets Manager, HashiCorp Vault)

• Run GitGuard before every commit
• Scan dependencies and third-party code
• Check configuration files regularly
• Review .env files before sharing
• Audit old commits for historical leaks

If you find exposed secrets:

1. ⚠️ Revoke immediately - Don't wait
2. 🔄 Rotate credentials - Generate new keys
3. 🔍 Check logs - See if they were accessed
4. 📝 Document incident - Track for compliance
5. 🛠️ Fix process - Prevent recurrence

#!/bin/bash
# .git/hooks/pre-commit

# Scan staged files for secrets
STAGED_FILES=$(git diff --cached --name-only)

for file in $STAGED_FILES; do
    if grep -qE 'AKIA[0-9A-Z]{16}|sk-[a-zA-Z0-9]{20,}' "$file"; then
        echo "❌ Potential secret detected in $file"
        echo "Run GitGuard to review before committing"
        exit 1
    fi
done

Create a task in .vscode/tasks.json:

{
  "label": "Scan for Secrets",
  "type": "shell",
  "command": "open https://yourusername.github.io/gitguard",
  "problemMatcher": []
}

name: Secret Scan
on: [push, pull_request]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Scan for secrets
        run: |
          # Add your scanning logic here
          echo "Scanning for secrets..."

According to recent studies:

• 73% of Fortune 500 companies have leaked secrets
• 3 minutes average time for exposed AWS keys to be exploited
• $4.24M average cost of a data breach in 2023
• 2,500+ GitHub commits with secrets every hour

Don't be a statistic. Scan with GitGuard.

We welcome contributions! Here's how:

{
    name: 'Service Name',
    category: 'Category',
    regex: /your-pattern-here/g,
    severity: 'critical|high|medium|low',
    example: 'example-key-format'
}

• 🐛 Bug reports
• ✨ Feature requests
• 📚 Documentation improvements
• 🎨 UI/UX suggestions

1. Fork the repository
2. Create feature branch (git checkout -b feature/new-pattern)
3. Test your changes thoroughly
4. Commit with clear messages
5. Push and create PR

• Custom pattern builder
• Historical git commit scanning
• Chrome/Firefox extension
• CLI version for terminal use
• Integration with popular IDEs

• AI-powered false positive reduction
• Automatic secret rotation suggestions
• Team collaboration features
• Compliance reporting (SOC2, ISO 27001)

• Real-time scanning as you type
• Integration with secret managers
• Automated remediation workflows
• Enterprise features

MIT License - Free for commercial and personal use

Copyright (c) 2024 Your Name

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software.

Built with inspiration from:

• TruffleHog - Git secret scanner
• GitLeaks - Secret detection tool
• OWASP - Security best practices
• The open-source security community

• Issues: GitHub Issues
• Discussions: GitHub Discussions
• Email: [email protected]
• Twitter: @gitguard

GitGuard is a detection tool, not a prevention system. While it detects many common secret patterns, it cannot guarantee 100% accuracy. Always:

• Review findings manually
• Use in combination with other security tools
• Follow security best practices
• Never commit real secrets to test the scanner

1. Scan daily - Make it part of your workflow
2. Educate your team - Share this tool with colleagues
3. Automate scanning - Add to CI/CD pipeline
4. Keep patterns updated - New services emerge constantly
5. Report false positives - Help us improve

• OWASP Secrets Management Cheat Sheet
• GitHub Secret Scanning
• AWS Security Best Practices

• git-secrets - Prevents commits with secrets
• detect-secrets - Enterprise tool by Yelp
• SecretLint - Pluggable linting tool

Remember: The best time to scan for secrets was before your first commit. The second best time is now.

⭐ Star this repo if it saved you from a security incident!