
Commit 56a63e7

docs: update README to reflect current repo structure
1 parent d9de30e commit 56a63e7


1 file changed: 21 additions and 11 deletions

@@ -1,6 +1,6 @@
11
# secret-scanner
22

3-
Pre-commit secret detection agent. Scans for hardcoded API keys, passwords, tokens, connection strings, private keys, and high-entropy strings across known provider patterns.
3+
Pre-commit credential detection agent that scans staged files for hardcoded API keys, passwords, tokens, connection strings, private key material, and high-entropy strings. Operates as a fast, zero-false-negative gate between your code and version control.
44

55
## Run
66

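Review bot: "zero-false-negative gate" in the new line 3 is a guarantee the rest of the README does not support. The detection it describes is provider pattern matching plus Shannon entropy on strings assigned to credential-like variables, and both can miss a secret in an unrecognized format or under a neutral variable name. Suggest dropping the phrase, keeping "a fast gate between your code and version control", and adding a short statement of what the scanner does not cover so readers do not treat a clean scan as proof that nothing leaked.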
@@ -10,22 +10,32 @@ npx @open-gitagent/gitagent run -r https://github.com/Mathews-Tom/secret-scanner
1010

1111
## What It Can Do
1212

13-
- Detect hardcoded secrets across 50+ provider patterns (AWS, GCP, Azure, Stripe, etc.)
14-
- Identify high-entropy strings that may be credentials
15-
- Scan for private keys, certificates, and connection strings
16-
- Flag passwords and tokens in configuration files
17-
- Report findings with file location, secret type, and severity
13+
- **Provider Key Detection** — recognizes exact patterns for AWS, GitHub, Slack, Stripe, Google, Azure, and other provider credentials
14+
- **Private Key Scanning** — detects PEM-encoded RSA, EC, OPENSSH, PGP, DSA, and PKCS8 private key material
15+
- **Connection String Detection** — finds database and service connection strings with embedded credentials (PostgreSQL, MySQL, MongoDB, Redis, AMQP, SMTP)
16+
- **High-Entropy Analysis** — calculates Shannon entropy to flag suspicious strings assigned to credential-like variables
17+
- **Environment Variable Leakage** — detects .env values leaked into source code and hardcoded fallbacks in os.environ/process.env calls
18+
- **Redacted Reporting** — outputs findings with redacted secrets (first 4 / last 4 characters only) to prevent the scan report itself from becoming a leak vector
1819

1920
## Structure
2021

2122
```
2223
secret-scanner/
23-
agent.yaml # Agent configuration
24-
SOUL.md # Behavioral instructions and detection patterns
25-
icon.png # 256x256 agent icon
26-
banner.png # 1200x630 agent banner
24+
├── .gitignore
25+
├── LICENSE
26+
├── README.md
27+
├── RULES.md
28+
├── SOUL.md
29+
├── agent.yaml
30+
├── assets/
31+
│ ├── icon.png
32+
│ └── banner.png
33+
└── knowledge/
34+
├── provider-key-patterns.md
35+
├── high-entropy-detection.md
36+
└── remediation-guide.md
2737
```
2838

2939
## Built with
3040

31-
Built with [gitagent](https://github.com/open-gitagent/gitagent).
41+
Built for the [gitagent](https://gitagent.sh) ecosystem.
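Review bot: The redaction rule in the new line 18 ("first 4 / last 4 characters only") states no minimum secret length, so a short password or token would have most or all of its characters printed in the report, which is the leak the bullet says it prevents. Suggest documenting a length threshold below which the value is fully masked. Two documentation gaps in the same hunk: the removed line 17 said findings carry file location, secret type, and severity, and no added bullet says what a finding contains now; and the Structure tree dropped the per-file comments, so RULES.md and knowledge/ are introduced without a word on their role. The "Built with" heading also no longer matches its new text, "Built for the ... ecosystem".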
