Skip to content

secrets-scanner

Directory actions

More options

Directory actions

More options

Latest commit

Β 

History

History

secrets-scanner

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
cmd/portia
cmd/portia
Β 
Β 
internal
internal
Β 
Β 
learn
learn
Β 
Β 
pkg/types
pkg/types
Β 
Β 
testdata/fixtures
testdata/fixtures
Β 
Β 
.gitignore
.gitignore
Β 
Β 
.golangci.yml
.golangci.yml
Β 
Β 
.portia.toml.example
.portia.toml.example
Β 
Β 
Justfile
Justfile
Β 
Β 
LICENSE
LICENSE
Β 
Β 
README.md
README.md
Β 
Β 
go.mod
go.mod
Β 
Β 
go.sum
go.sum
Β 
Β 
install.sh
install.sh
Β 
Β 

README.md

β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—  β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—β–ˆβ–ˆβ•— β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—
β–ˆβ–ˆβ•”β•β•β–ˆβ–ˆβ•—β–ˆβ–ˆβ•”β•β•β•β–ˆβ–ˆβ•—β–ˆβ–ˆβ•”β•β•β–ˆβ–ˆβ•—β•šβ•β•β–ˆβ–ˆβ•”β•β•β•β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•”β•β•β–ˆβ–ˆβ•—
β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•”β•β–ˆβ–ˆβ•‘   β–ˆβ–ˆβ•‘β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•”β•   β–ˆβ–ˆβ•‘   β–ˆβ–ˆβ•‘β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•‘
β–ˆβ–ˆβ•”β•β•β•β• β–ˆβ–ˆβ•‘   β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•”β•β•β–ˆβ–ˆβ•—   β–ˆβ–ˆβ•‘   β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•”β•β•β–ˆβ–ˆβ•‘
β–ˆβ–ˆβ•‘     β•šβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•”β•β–ˆβ–ˆβ•‘  β–ˆβ–ˆβ•‘   β–ˆβ–ˆβ•‘   β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•‘  β–ˆβ–ˆβ•‘
β•šβ•β•      β•šβ•β•β•β•β•β• β•šβ•β•  β•šβ•β•   β•šβ•β•   β•šβ•β•β•šβ•β•  β•šβ•β•

Cybersecurity Projects Go License: AGPLv3 HIBP

Secrets scanner for codebases and git repositories, written in Go.

This is a quick overview. Security theory, architecture, and full walkthroughs are in the learn modules.

What It Does

  • 150 detection rules covering AWS, GitHub, GitLab, GCP, Azure, Slack, Stripe, Twilio, SendGrid, SSH/PGP keys, passwords, connection strings, JWTs, and 100+ more
  • Shannon entropy analysis for detecting high-randomness strings
  • HIBP breach verification via k-anonymity protocol (your secrets never leave your machine)
  • Directory scanning and full git history scanning (branches, depth, date ranges)
  • Output as colored terminal tables, JSON, or SARIF v2.1.0
  • 5-layer false positive defense: keyword pre-filter, structural validation, stopwords, allowlists, entropy
  • Concurrent pipeline with bounded worker pools
  • TOML configuration via .portia.toml or pyproject.toml

Install

curl -fsSL https://raw.githubusercontent.com/CarterPerez-dev/portia/main/install.sh | bash

Or with Go:

go install github.com/CarterPerez-dev/portia/cmd/portia@latest

Quick Start

portia scan .

Tip

This project uses just as a command runner. Type just to see all available commands.

Install: curl -sSf https://just.systems/install.sh | bash -s -- --to ~/.local/bin

Commands

Command Description
portia scan [path] Scan a directory for secrets
portia git [repo] Scan git history for secrets
portia init Initialize .portia.toml configuration
portia pyproject Create pyproject.toml with [tool.portia] config
portia config rules List all 150 detection rules
portia config show Show active configuration

Flags: --format (terminal/json/sarif), --verbose, --no-color, --exclude, --max-size, --hibp, --config

Git flags: --branch, --since, --depth, --staged

Learn

This project includes step-by-step learning materials covering security theory, architecture, and implementation.

Module Topic
00 - Overview Prerequisites and quick start
01 - Concepts Secret sprawl, entropy, and breach databases
02 - Architecture System design and data flow
03 - Implementation Code walkthrough
04 - Challenges Extension ideas and exercises

License

AGPL 3.0