Secret Scanner detects hardcoded secrets like API keys and credentials in code. It uses a fast C++ engine and offers both CLI and a VS Code extension for easy use.

drona-gyawali/secret-scanner

This project has been developed as a part of my second semester academic curriculum under the course Object-Oriented Programming with C++.

Secret Scanner

Secret Scanner is an advanced security toolkit designed to detect hardcoded secrets like API keys, tokens, and credentials in your source code. It combines a powerful C++ scanning engine (scanner-core) with a user-friendly Visual Studio Code extension (scanner-extension) to provide both CLI and GUI interfaces.


Why Two Parts?

  • scanner-core is written in C++ for performance. It can be used independently in CI/CD, Docker, or custom tooling.
  • scanner-extension is a VSCode extension that uses the core scanner as a backend. It gives developers a seamless in-editor experience.

Getting Started

📦 Install Scanner Core (CLI Tool)

To use the secret scanner from the command line or within the VSCode extension, you need to install scanner-core globally.

Step 1: Build the Tool

git clone https://github.com/drona-gyawali/secret-scanner.git
cd secret-scanner
mkdir build && cd build
cmake ..
make

Step 2: Make It Global

# Run from the repository root (use `cd ..` first if you are still inside build/ from Step 1)
cd build/scanner-core
sudo cp secret_scanner /usr/local/bin/

Now you can run it globally:

secret_scanner --help

Examples:
  ./scanner                   # Scan current 'src/' directory
  ./scanner /path/to/code     # Scan specific directory
  ./scanner .                 # Scan current directory
  ./scanner ../project        # Scan relative path

Note: The instructions provided here are for Linux systems. If you are using Windows, adapt the build steps to your operating system’s CMake and compiler tools.


Install VSCode Extension

Note: Currently supported only on Linux and macOS. Prebuilt binaries are provided for these platforms. On Windows, set up the project and run it locally.

You can install the VS Code extension from the Marketplace:

Install Secret Scanner Pro from Marketplace

To see how to use it in VS Code, refer to the scanner-extension/README.md or Usage Section.


Features

  • Detect common secret patterns (AWS keys, tokens, credentials, etc.)
  • Scan files, folders, or entire workspaces
  • Inline results with severity levels
  • CLI + VS Code support
  • Auto scan on save (optional)
  • Lightweight, fast C++ core
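
The pattern-plus-severity detection that the feature list describes, shown as an added example that is not scanner-core's own code. The two rules, their names and their severities are assumptions chosen for illustration, and the sample input is constructed.

```cpp
// Added illustration: regex-based secret detection with severity levels.
// Rule names, patterns and severities are assumptions, not scanner-core's rule set.
#include <iostream>
#include <regex>
#include <sstream>
#include <string>
#include <vector>

enum class Severity { Medium, High };

struct Rule { std::string name; std::regex pattern; Severity severity; };
struct Finding { int line; std::string rule; Severity severity; };

static const std::vector<Rule>& rules() {
    static const std::vector<Rule> r = {
        // AWS access key IDs: fixed "AKIA" prefix plus 16 uppercase alphanumerics.
        {"aws-access-key-id", std::regex(R"(\bAKIA[0-9A-Z]{16}\b)"), Severity::High},
        // Quoted literal of 8+ characters assigned to a credential-like name.
        {"hardcoded-credential",
         std::regex(R"((password|passwd|secret|api_?key|token)\s*[:=]\s*["'][^"']{8,}["'])",
                    std::regex::icase),
         Severity::Medium},
    };
    return r;
}

// Scan text line by line; each rule is reported at most once per line.
std::vector<Finding> scan(const std::string& text) {
    std::vector<Finding> out;
    std::istringstream in(text);
    std::string line;
    for (int n = 1; std::getline(in, line); ++n)
        for (const auto& rule : rules())
            if (std::regex_search(line, rule.pattern))
                out.push_back({n, rule.name, rule.severity});
    return out;
}

int main() {
    // Constructed sample input; the key is AWS's documented example value.
    const std::string sample =
        "region = \"us-east-1\"\n"
        "aws_key = \"AKIAIOSFODNN7EXAMPLE\"\n"
        "db_password = \"correct-horse-battery\"\n"
        "password = os.environ[\"DB_PASSWORD\"]\n";
    for (const auto& f : scan(sample))
        std::cout << "line " << f.line << ": " << f.rule << " ["
                  << (f.severity == Severity::High ? "HIGH" : "MEDIUM") << "]\n";
}
```

The last sample line reads the password from the environment, so the credential rule does not fire on it: the rule requires a quoted literal directly after the assignment.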

Tests

To run unit tests for the C++ core:

ctest

For the extension:

cd scanner-extension
npm install
npm test

Feedback & Issues

Found a bug or want a feature? Open an issue


License

Apache 2.0 – See the LICENSE file for details.
