GitGuardian Secrets Detectors 2022 Wrap-Up

It’s time for our yearly wrap-up as we bid adieu to 2022! Last year has shown us that we’re still the developers’ best ally to catch hardcoded secrets, the GitGuardian app remains #1 on GitHub Marketplace, and we don’t want to stop here!

We entered 2022 with more than 300 built-in detectors in GitGuardian. And while it may seem like it’s enough, it has not changed our quest to provide the most all-around secrets detection engine and help security and engineering teams write more secure code.

Let’s take a quick look at the 30+ new detectors our engineering team released this year.

New detectors released in 2022

The 1st quarter of the year was the busiest, with 14 new detectors released!

Detector

Category

Provider

Twitch User App Credentials

Other

Twitch

DigitalOcean OAuth Application Keys

Cloud Provider

DigitalOcean

PayPal OAuth2 Keys

Payment system

PayPal

Twitch API Keys

Other

Twitch

IBM COS HMAC Credentials

Cloud Provider

IBM

EasyPost API Key

Messaging system

EasyPost

HashiCorp Vault Unseal Key

Other

HashiCorp

Shippo API Token

Other

Shippo

Freshdesk API Token

Development tool

Freshdesk

Freshdesk Messaging Token

Other

Freshdesk

Trend Micro Conformity API Key

Other

Trend Micro

Trend Micro Cloud One API Key

Other

Trend Micro

The 2nd quarter was the least busy; our team shipped fewer detectors. Still, it focused on improving the precision and accuracy of the existing ones!

Detector

Category

Provider

Notion Integration Token

Collaboration tool

Notion Labs Inc.

Discord OAuth2 Keys

Messaging system

Discord

Linkedin OAuth2 Keys

Social network

Linkedin

Yousign API Key

Other

Yousign

Typeform API Token

Other

Typeform

Alchemy API Key

Cryptos

Alchemy

💡
Also, during this time, the team worked on a completely new area, developing an engine for Infrastructure-as-Code security scanning. It’s already integrated into ggshield, the GitGuardian CLI, so you can now scan your Terraform files for 70+ security misconfigurations!

Finally, things picked up in the second half of 2022, with more than 15 detectors released!

Detector

Category

Provider

Webex App Keys

Messaging system

Webex

Grafana Service Account Token

Monitoring

Grafana

Customer.io Track Keys

Development tool

Customer.io

Customer.io App Keys

Development tool

Customer.io

Base64 Generic High Entropy Secret

Other

N/A

PubNub Publish and Subscription Keys

Messaging system

PubNub

Chief App Key

Other

Chief App

Neo4j Credentials

Data storage

Neo4j

Thycotic Secret Server Credentials

Development tool

Delinea

Octopus Deploy API Key

Development tool

Octopus Deploy

GitHub Access Token (fine-grained PAT)

Version control platform

GitHub

SonarQube Token

Development tool

SonarQube

In your GitGuardian workspace

Remember, you can view and activate or deactivate secrets detectors from your GitGuardian workspace. Also, each detector now links to a specific page in the GitGuardian documentation to which you can refer for more detailed information on the type of secret, its scope, how to revoke it, etc.