https://github.com/outscale/cred-scan
Scan for leaked AK/SK
Last synced: 7 months ago
- Host: GitHub
- URL: https://github.com/outscale/cred-scan
- Owner: outscale
- Created: 2022-03-09T13:11:54.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2023-04-07T10:23:38.000Z (almost 3 years ago)
- Last Synced: 2025-03-16T05:31:54.086Z (12 months ago)
- Language: Shell
- Homepage:
- Size: 38.1 KB
- Stars: 1
- Watchers: 5
- Forks: 0
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSES/BSD-3-Clause.txt
README
# Credential Scanner
This small bash script will scan for leaked [Access Keys or Secret Keys](https://docs.outscale.com/en/userguide/About-Access-Keys.html) in a folder.
# Usage
Just provide the folder to scan (recursively):
Example
```
./scan.sh FOLDER_PATH
```
# Features
- Skip binary files
- Search for:
  - Access Keys (random strings of 20 capital alphanumeric characters)
  - Secret Keys (random strings of 40 capital alphanumeric characters)
- Special Access Keys are ignored:
  - `ABCDEFGHIJ0123456789`
  - `0123456789ABCDEFGHIJ`
- Access Keys with fewer than 3 digits or fewer than 3 capital alphabetic characters are ignored.
- Secret Keys with fewer than 5 digits or fewer than 5 capital alphabetic characters are ignored.
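The filtering rules above, written out as a POSIX shell sketch. This is an added example, not the project's `scan.sh`; the function names `classify_token`, `scan_stream` and `demo`, the tokenisation into maximal runs of capital letters and digits, and the sample input are assumptions made for illustration.

```sh
#!/bin/sh
# Added illustration of the README's filtering rules (not the project's scan.sh).

# Print "access-key", "secret-key" or "ignored" for one candidate token.
# The body runs in a subshell so its variables do not leak into the caller.
classify_token() (
    export LC_ALL=C            # byte-wise ranges for [A-Z] and tr
    token=$1
    case ${#token} in
        20) kind=access-key; min=3 ;;
        40) kind=secret-key; min=5 ;;
        *)  kind=ignored;    min=0 ;;
    esac
    case $token in
        # Anything other than capital letters and digits disqualifies the token.
        *[!A-Z0-9]*) kind=ignored ;;
        # Documented placeholder Access Keys.
        ABCDEFGHIJ0123456789|0123456789ABCDEFGHIJ) kind=ignored ;;
    esac
    # Low-variety strings (constant names, counters) fall under the thresholds.
    digits=$(( $(printf '%s' "$token" | tr -cd '0-9' | wc -c) ))
    letters=$(( $(printf '%s' "$token" | tr -cd 'A-Z' | wc -c) ))
    if [ "$digits" -lt "$min" ] || [ "$letters" -lt "$min" ]; then
        kind=ignored
    fi
    echo "$kind"
)

# Read text on stdin and print "<kind> <token>" for every token that is kept.
# Assumption: candidates are maximal runs of capital letters and digits.
scan_stream() {
    LC_ALL=C grep -oE '[A-Z0-9]+' | while IFS= read -r tok; do
        kind=$(classify_token "$tok")
        [ "$kind" = ignored ] || printf '%s %s\n' "$kind" "$tok"
    done
}

# Constructed sample input; none of these values are real credentials.
demo() {
    scan_stream <<'EOF'
access_key = A1B2C3D4E5F6G7H8I9J0
secret_key = A1B2C3D4E5F6G7H8I9J0A1B2C3D4E5F6G7H8I9J0
example_ak = ABCDEFGHIJ0123456789
FLAG = CONSTANTNAMEWITHOUT1
EOF
}

demo
```

Only the first two sample lines are reported: the third is one of the documented placeholder keys, and the fourth has a single digit, below the 3-digit threshold.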
# Contributing
Feel free to open an issue for discussion.
Run `./tests/tests.sh` to run the tests.
# Using the scanner in GitHub Actions
## Description
This GitHub action allows you to scan for leaked credentials.
See [action.yml](action.yml)
## Inputs
| Parameter | Description | Required | Default |
| :------------------ | :-------------------------------------------------------------------- | :------- | :-------- |
| `scan_path` | Folder to scan | `true` | `"./"` |
## Output
N/A
## Example
- Create workflow folder: `mkdir -p .github/workflows`
- Add new workflow `.github/workflows/cred-scan.yml`:
```yaml
name: Credential Scanner
on:
  pull_request:
    branches: [ master ]
jobs:
  cred-scan:
    runs-on: ubuntu-20.04
    steps:
    - uses: actions/checkout@v2
    - name: Scan credentials
      uses: outscale-dev/cred-scan@main
      with:
        scan_path: "./"
```
# License
> Copyright Outscale SAS
>
> BSD-3-Clause
The `LICENSE` folder contains the raw license terms, following SPDX naming.
You can check which license applies to which copyright owner in the `.reuse/dep5` specification.
You can test [reuse](https://reuse.software/.) compliance by running:
```
docker run --rm --volume $(pwd):/data fsfe/reuse:0.11.1 lint
```