secret-magpie

find secrets in ALL your repos


Organisations struggle to scan for leaked secrets in ALL of their repos. It's easy to scan one repo, but time-consuming and tedious to scan all of them, and the repo nobody remembers is usually the one holding the old credential. Secret Magpie is a secret detection tool that hunts out the secrets hiding in ALL your repositories.



Secret Magpie is an advanced secret detection tool designed to help organizations identify and manage sensitive information that may have been inadvertently exposed across their code repositories.

Here are the primary use cases for this tool:

Comprehensive Secret Scanning:

Secret Magpie scans all repositories across platforms like GitHub, GitLab, Azure DevOps, Bitbucket, and local file systems. It automatically enumerates repositories, clones them, and scans every branch using multiple detection tools (e.g., Trufflehog and Gitleaks) to ensure thorough coverage. Scanning every branch matters because a secret that was removed from the default branch is often still present on stale feature branches and in commit history, and each scanner has its own rule set, so running more than one reduces misses.

Centralized Findings Management:

The tool consolidates all identified secrets into a single list, deduplicating them to streamline the triage process. This avoids repeated analysis of the same secret across different branches or repositories, since one leaked key typically shows up in every branch that shares the offending commit. Deduplication reduces noise, not exposure: a secret that appears anywhere in git history must be rotated, because deleting the file or the branch does not remove it from the repository's history.

User-Friendly Reporting:

Secret Magpie provides detailed reports in various formats (CSV, JSON) and a web-based interface for easy triage of findings. This makes it easier for security teams to review and act on the detected secrets efficiently.
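As an added illustration of the consolidation and reporting steps described above (this is example code written for this page, not code from the secret-magpie project): scanner output from Gitleaks and Trufflehog is normalised into one schema, merged by a fingerprint of the secret value so that the same key seen on several branches or repos becomes one finding, and written out as CSV with the raw secret redacted. The field names follow the JSON report formats of `gitleaks detect --report-format json` and `trufflehog --json` as the author understands them; the function names, the location format and the sample records in `run_sample()` are constructed for this example, not real scan output.

```python
"""Normalise Gitleaks and TruffleHog findings into one schema and deduplicate them.

Added example, not code from the secret-magpie project. Gitleaks/TruffleHog field
names are assumed from their JSON report formats; all sample data is constructed.
"""
import csv
import hashlib
import io
import json
from dataclasses import dataclass, field


@dataclass
class Finding:
    """One secret, possibly seen in many places. The raw secret is never stored."""
    fingerprint: str   # sha256 of the raw secret: safe to log, diff and track over time
    rule: str          # detector/rule name as reported by the first scanner that saw it
    redacted: str      # first 4 and last 2 characters, enough to recognise a known key
    verified: bool     # True if any scanner confirmed the credential is live
    locations: list = field(default_factory=list)  # "repo@branch:file:line@commit"


def _fingerprint(secret: str) -> str:
    return hashlib.sha256(secret.encode()).hexdigest()


def _redact(secret: str) -> str:
    return secret[:4] + "..." + secret[-2:] if len(secret) > 8 else "***"


def _loc(repo: str, branch: str, path: str, line: int, commit: str) -> str:
    return f"{repo}@{branch}:{path}:{line}@{commit}"


def from_gitleaks(report_json: str, repo: str, branch: str) -> list[Finding]:
    """Gitleaks writes a JSON array of hits; it does not verify credentials."""
    return [Finding(_fingerprint(h["Secret"]), h["RuleID"], _redact(h["Secret"]), False,
                    [_loc(repo, branch, h["File"], h["StartLine"], h["Commit"])])
            for h in json.loads(report_json)]


def from_trufflehog(report_ndjson: str, repo: str, branch: str) -> list[Finding]:
    """TruffleHog with --json writes one object per line (NDJSON)."""
    out = []
    for line in report_ndjson.splitlines():
        if not line.strip():
            continue
        h = json.loads(line)
        git = h["SourceMetadata"]["Data"]["Git"]
        out.append(Finding(_fingerprint(h["Raw"]), h["DetectorName"], _redact(h["Raw"]),
                           bool(h.get("Verified")),
                           [_loc(repo, branch, git["file"], git["line"], git["commit"])]))
    return out


def dedupe(findings: list[Finding]) -> list[Finding]:
    """Merge by secret fingerprint (not by rule name, which differs between scanners),
    keeping every location and OR-ing the verified flag across scanners."""
    merged: dict[str, Finding] = {}
    for f in findings:
        m = merged.setdefault(f.fingerprint, Finding(f.fingerprint, f.rule, f.redacted, False, []))
        m.verified = m.verified or f.verified
        for loc in f.locations:
            if loc not in m.locations:
                m.locations.append(loc)
    # Triage order: verified credentials first, then the most widely spread secrets.
    return sorted(merged.values(), key=lambda f: (not f.verified, -len(f.locations), f.rule))


def to_csv(findings: list[Finding]) -> str:
    """CSV report; contains fingerprints and redacted values only, never the secret."""
    buf = io.StringIO()
    w = csv.writer(buf)
    w.writerow(["fingerprint", "rule", "redacted", "verified", "occurrences", "locations"])
    for f in findings:
        w.writerow([f.fingerprint, f.rule, f.redacted, f.verified,
                    len(f.locations), ";".join(f.locations)])
    return buf.getvalue()


def run_sample() -> list[Finding]:
    """Results an orchestrator would collect per repo and branch (constructed data)."""
    aws = "AKIAIOSFODNN7EXAMPLE"          # AWS's documentation example key, not a live credential
    gh = "ghp_" + "0" * 32 + "abcd"        # shaped like a GitHub PAT, constructed
    aws_hit = {"RuleID": "aws-access-token", "Secret": aws, "File": "config/prod.env",
               "StartLine": 3, "Commit": "a1b2c3d"}
    pat_hit = {"RuleID": "github-pat", "Secret": gh, "File": "scripts/deploy.sh",
               "StartLine": 12, "Commit": "e4f5a6b"}
    main_report = json.dumps([aws_hit, pat_hit])
    feature_report = json.dumps([aws_hit])  # feature branch shares the leaking commit
    infra_report = json.dumps({             # same AWS key in a second repo, verified live
        "SourceMetadata": {"Data": {"Git": {"commit": "9f8e7d6", "file": "infra/main.tf",
                                            "line": 40}}},
        "DetectorName": "AWS", "Verified": True, "Raw": aws})
    findings = (from_gitleaks(main_report, "example/app", "main")
                + from_gitleaks(feature_report, "example/app", "feature/rotate")
                + from_trufflehog(infra_report, "example/infra", "main"))
    return dedupe(findings)


if __name__ == "__main__":
    print(to_csv(run_sample()))
```

Four raw hits across two repos and three branches collapse to two findings: the AWS key, now marked verified because one scanner confirmed it and listed with all three locations, and the GitHub token. Keying on a hash of the value rather than on file or commit is what makes the same secret in two unrelated repositories merge, and keeping the raw value out of the report keeps the triage artefact from becoming a second leak.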

(Screenshot: Secret Magpie web UI)

Automation and Integration:

The tool can be integrated into CI/CD pipelines using Docker, allowing for continuous monitoring and scanning of repositories as part of the development workflow. This ensures that any new secrets introduced into the codebase are quickly identified and addressed. The credential the scanner uses to enumerate and clone repositories only needs read access, and should be scoped that way; an organisation-wide scanning token is itself a high-value secret.

Enhanced Security Posture:

By finding exposed secrets so they can be rotated and removed, Secret Magpie helps organizations reduce the risk of data breaches and unauthorized access resulting from leaked credentials and sensitive information.

Secret Magpie is open source and is on GitHub.