Overview
Secret scanning is a critical security capability within Corgea’s AI-native SAST that identifies hardcoded credentials, API keys, tokens, and other sensitive information in your codebase. By detecting secrets before they reach production, you can prevent unauthorized access, data breaches, and compliance violations. Unlike traditional secret scanners that rely solely on pattern matching, Corgea’s secret scanning uses a combination of pattern matching, entropy analysis, and AI-powered contextual understanding to minimize false positives while ensuring comprehensive coverage.
How It Works
Corgea’s secret scanner analyzes your entire codebase to identify potential secrets through multiple techniques:
1. Pattern Matching
Identifies known secret formats using an extensive library of patterns for popular services and platforms.
2. Entropy Analysis
Detects high-entropy strings that may indicate randomly generated keys, tokens, or passwords.
3. Contextual Understanding
Uses AI to understand the context around potential secrets, reducing false positives from test data, examples, or placeholders.
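The following is an added example of how those three layers combine, written for this page; it is not Corgea's scanner or its pattern library. The regexes, the 3.5 bits-per-character entropy threshold, the placeholder and test-path rules that stand in for Corgea's AI context step, and the sample files are all assumptions. Known formats are matched first, a high-entropy value assigned to a secret-sounding name is flagged when no known format explains the line, and context demotes fixtures and placeholders to low confidence rather than silently dropping them.

```python
"""Toy scanner layering the three techniques described above: pattern
matching, entropy analysis and contextual filtering.  Added example, not
Corgea's code: the pattern library, the entropy threshold and the rule-based
stand-in for Corgea's AI context step are assumptions."""
import math
import re
from collections import Counter
from dataclasses import dataclass

# 1. Pattern matching: an abbreviated library of known secret formats (assumed regexes).
PATTERNS = {
    "AWS Access Key ID": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "GitHub Token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "Slack Token": re.compile(r"\bxox[abprs]-[0-9A-Za-z-]{10,}\b"),
    "Private Key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |PGP )?PRIVATE KEY-----"),
    "Database Connection String": re.compile(
        r"\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?|redis)://[^:/\s]+:[^@\s]+@"),
}

# 2. Entropy analysis: a quoted value assigned to a secret-sounding name is
# suspicious when its characters look randomly distributed.  3.5 bits/char
# is an assumed threshold (hex tops out at 4.0, base64 at 6.0).
ASSIGNMENT = re.compile(
    r"(?i)\b(?P<name>[\w.-]*(?:secret|token|key|password|passwd|pwd)[\w.-]*)"
    r"\s*[:=]\s*['\"](?P<value>[^'\"]{16,})['\"]")
ENTROPY_THRESHOLD = 3.5


def shannon_entropy(s: str) -> float:
    """Bits per character, estimated from the string's own symbol frequencies."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


# 3. Context: rule-based stand-in for the AI step.  Placeholders, templated
# values and test fixtures are reported at low confidence instead of dropped.
PLACEHOLDER = re.compile(r"(?i)example|placeholder|changeme|dummy|x{4,}|<[^>]+>|\$\{[^}]+\}")
TEST_PATH = re.compile(r"(?i)(?:^|/)(?:tests?|spec|fixtures?|examples?)/|_test\.|\.test\.")


@dataclass
class Finding:
    secret_type: str
    path: str
    line: int
    evidence: str     # masked value, never the full secret
    confidence: str   # "high", or "low" when context says fixture/placeholder


def mask(value: str) -> str:
    """Keep just enough of the value to locate it; never echo the whole secret."""
    return value[:4] + "*" * max(len(value) - 6, 0) + value[-2:]


def classify(value: str, path: str) -> str:
    return "low" if PLACEHOLDER.search(value) or TEST_PATH.search(path) else "high"


def scan_text(path: str, text: str) -> list[Finding]:
    findings: list[Finding] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        matched = False
        for secret_type, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                matched = True
                findings.append(Finding(secret_type, path, lineno,
                                        mask(m.group(0)), classify(m.group(0), path)))
        if matched:
            continue  # a known format already explains this line; skip entropy
        m = ASSIGNMENT.search(line)
        if m and shannon_entropy(m.group("value")) >= ENTROPY_THRESHOLD:
            findings.append(Finding("High-Entropy String", path, lineno,
                                    mask(m.group("value")), classify(m.group("value"), path)))
    return findings


def scan_files(files: dict[str, str]) -> list[Finding]:
    return [f for path, text in files.items() for f in scan_text(path, text)]


# Constructed sample input; none of these values are real credentials.
SAMPLE_FILES = {
    "app/config.py": "\n".join([
        'DEBUG = False',
        'AWS_ACCESS_KEY_ID = "AKIAQ7F3M2ZXB9T1K5LP"',
        'DB_URL = "postgres://app:Sup3rS3cr3t!@db.internal:5432/app"',
        'API_TOKEN = "f7a1c2d9e4b8a3c6d5e2f1b0a9c8d7e6"',
        'SESSION_KEY = "changeme-please-replace"',
        'SLACK_TOKEN = "${SLACK_TOKEN_FROM_VAULT}"',
    ]),
    "tests/fixtures/aws.py": 'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"',
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"[{f.confidence:4}] {f.path}:{f.line}: {f.secret_type} ({f.evidence})")
```

Two behaviours are worth noticing when you run it. The templated `${SLACK_TOKEN_FROM_VAULT}` value has higher entropy than the real-looking hex token, so entropy alone would report it; only the context rule keeps it out of the high-confidence list. Conversely, `changeme-please-replace` never reaches the context step because English text scores well under the threshold, which is why entropy is a useful first cut but not a sufficient one.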
Detected Secret Types
Corgea’s secret scanner can detect a wide range of secret types across different platforms and services:
Cloud Provider Credentials
- AWS Access Keys and Secret Keys
- Google Cloud API Keys
- Azure Storage Account Keys
- Azure Service Principal Credentials
- DigitalOcean Access Tokens
- Alibaba Cloud Access Keys
API Keys and Tokens
- API keys and tokens
- Authentication credentials
- Personal access tokens
- OAuth tokens
- Bearer tokens
- Service account tokens
Database and Storage
- Database connection strings
- MongoDB URIs
- PostgreSQL connection strings
- MySQL credentials
- Redis passwords
- Storage access keys
Cryptographic Material
- Private keys (RSA, SSH, PGP)
- SSL/TLS certificates
- Encryption keys
- JWT secrets
- Signing keys
Payment and Financial
- Payment gateway credentials
- Stripe API keys
- PayPal credentials
- Square access tokens
Communication Services
- Slack tokens and webhooks
- Twilio API keys
- SendGrid API keys
- Mailgun credentials
Development Tools
- GitHub tokens
- GitLab tokens
- NPM tokens
- Docker registry credentials
- CI/CD secrets
Other Sensitive Data
- Internal endpoints
- Private URLs
- Environment variables with secrets
- Hardcoded passwords
- Authentication cookies
Detection Results
When secrets are detected, Corgea provides comprehensive information to help you understand and remediate the issue:
Secret Type
Classification of the detected secret (e.g., AWS Access Key, API Token)
Location
Exact file path and line number where the secret was found
Security Impact
Assessment of the potential risk and impact of the exposed secret
Remediation Guidance
Actionable steps to secure the secret properly
Prevention Strategies
1. Pre-commit Hooks
Implement pre-commit hooks to scan for secrets before code is committed to your repository.
2. Developer Training
Educate your team about the risks of hardcoded secrets and secure alternatives.
3. Code Reviews
Include secret scanning checks as part of your code review process.
4. Automated Scanning
Enable automated secret scanning in your CI/CD pipeline to catch secrets early.
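As an added illustration of the pre-commit step (not Corgea's hook, CLI, or pattern set), the script below inspects only the lines a developer is about to commit. It runs `git diff --cached --unified=0`, tracks the new-file line number through each `@@` hunk header so findings point at the right line, skips removed lines, honours an assumed inline `# secret-scan: ignore` marker for known false positives, and exits non-zero to block the commit. The short pattern list, the marker syntax, and the sample diff are assumptions made for the example.

```python
#!/usr/bin/env python3
"""Git pre-commit hook that blocks a commit when a newly added line carries a
secret.  Added example, not Corgea's hook: the patterns are an abbreviated,
assumed set and the allowlist marker is an assumed convention.

Install (assumed): copy to .git/hooks/pre-commit and chmod +x.
"""
import re
import subprocess
import sys

PATTERNS = {
    "AWS Access Key ID": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "GitHub Token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "Private Key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |PGP )?PRIVATE KEY-----"),
    "Hardcoded Password": re.compile(r"(?i)\bpass(?:word)?\s*[:=]\s*['\"][^'\"]{8,}['\"]"),
}
ALLOWLIST = re.compile(r"#\s*secret-scan:\s*ignore")  # assumed inline suppression marker

FILE_HEADER = re.compile(r"^\+\+\+ b/(.*)$")
HUNK_HEADER = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


def scan_diff(diff_text: str) -> list[tuple[str, int, str]]:
    """Walk a unified diff; return (path, new-file line, secret type) for added lines."""
    findings: list[tuple[str, int, str]] = []
    path, lineno = None, 0
    for raw in diff_text.splitlines():
        if m := FILE_HEADER.match(raw):        # "+++ b/<path>" names the new file
            path = m.group(1)
            continue
        if m := HUNK_HEADER.match(raw):        # "@@ -a,b +c,d @@": added lines start at c
            lineno = int(m.group(1))
            continue
        if raw.startswith(("+++", "---")):     # other file headers (e.g. /dev/null)
            continue
        if raw.startswith("+"):
            line = raw[1:]
            if path and not ALLOWLIST.search(line):
                for secret_type, pattern in PATTERNS.items():
                    if pattern.search(line):
                        findings.append((path, lineno, secret_type))
            lineno += 1
        elif raw.startswith(" "):              # context line (absent with -U0)
            lineno += 1
        # removed lines ("-") belong to the old file and do not advance lineno
    return findings


def main() -> int:
    diff = subprocess.run(
        ["git", "diff", "--cached", "--unified=0", "--no-color"],
        capture_output=True, text=True, check=True,
    ).stdout
    findings = scan_diff(diff)
    for path, lineno, secret_type in findings:
        print(f"{path}:{lineno}: possible {secret_type} in staged change", file=sys.stderr)
    if findings:
        print("Commit blocked. Move the value to a secrets manager or environment "
              "variable; for a confirmed false positive add '# secret-scan: ignore' "
              "to the line.", file=sys.stderr)
        return 1
    return 0


# Constructed sample diff (hashes and values are made up) for offline use.
SAMPLE_DIFF = """\
diff --git a/app/settings.py b/app/settings.py
index 3b18e51..9c1f2a4 100644
--- a/app/settings.py
+++ b/app/settings.py
@@ -12,0 +13,2 @@ DEBUG = False
+AWS_ACCESS_KEY_ID = "AKIAQ7F3M2ZXB9T1K5LP"
+AWS_REGION = "us-east-1"
@@ -40 +42 @@ def connect():
-    password = os.environ["DB_PASSWORD"]
+    password = "Sup3rS3cr3t!2024"
diff --git a/tests/test_auth.py b/tests/test_auth.py
index 1111111..2222222 100644
--- a/tests/test_auth.py
+++ b/tests/test_auth.py
@@ -3,0 +4 @@
+    password = "not-a-real-pw"  # secret-scan: ignore
"""

if __name__ == "__main__":
    sys.exit(main())
```

Because the hook reads the staged diff rather than the working tree, it catches the case where a developer stages only part of a file, and it does not block on secrets that already exist in history (those are what the scheduled repository scans below are for). Keep the allowlist marker reviewable: a grep for it in code review is the cheapest way to audit suppressed findings.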
Integration with Development Workflow
Secret scanning integrates seamlessly into your development workflow:
Pull Request Scanning
Automatically scan pull requests for secrets before merging
CI/CD Integration
Run secret scans as part of your continuous integration pipeline
IDE Extensions
Get real-time feedback while coding with IDE integrations
Scheduled Scans
Regular repository scans to detect secrets in existing code
Learn More
Explore AI-native SAST for comprehensive vulnerability detection beyond secrets
