Sometimes the GitGuardian secrets detection engine can seem like a mysterious black box, but in reality, it is a huge collection of independent detectors that are being constantly maintained by our dedicated Secrets Team. This team has been working hard since the beginning of the year to ensure your code is protected with the most updated secrets detection capabilities available and today we are happy to be able to share some of these updates with you.

Secrets detection is a very difficult problem to solve, partly because there are a huge number of different types of secrets all with unique characteristics, and partly because secrets are probabilistic in nature, meaning it is impossible to be 100% certain any particular secret is a true positive.

Learn more about how GitGuardian detects secrets

To ensure we provide you with the best coverage of protection, we create individual algorithms for each secret that we call detectors. Recently we detailed exactly how these individual detectors work using the MongoDB credentials as an example. Currently, we have over 250 detectors and this year we have been working at not only updating these but also adding brand new detectors.

In the first 3 months of 2021 we have added 16 new detectors in addition to continuing improvements to the existing detectors. We are excited to share these updates with you as part of our ongoing campaign to lift the lid on the black box that is secrets detection.

New Specific Detectors

New Detectors

Secret Provider

Azure DevOps Personal Access Token (for CLI)

Cloud Provider

Azure Service Management Certificate

Cloud Provider

Azure Subscription Key

Cloud provider

Cloudflare API Token

CDN provider

Codacy API Token

Source code analyzer

Codacy Project Token

Source code analyzer

Codecov API key

Source code analyzer

Discord Bot Token

Messaging platform

Doppler API Key

Secret manager for developers

Linode Key

Cloud Provider

MongoDB CLI Credentials

Database

Paystack Key

Payment solution

Sauce Labs Keys

Cross-browser testing

Surge Token

Front-end deployment tool

New Generic Detectors

In addition to the 14 new detectors above, we also added two new generic category detectors. These are detectors that are not for specific services but to detect secrets that are not covered by a specific detector. These are turned OFF by default in the GitGuardian dashboard.

New Detectors

Details

Username Password

Generic detector detecting username/password couples.

Generic Password

A very broad detector that catches all assigned passwords

A quick reminder that you can view and control what detectors are turned on from your GitGuardian Dashboard under settings.

Login to your GitGuardian account