Telling tales on you for leaking secrets!

Overview

Sqealer

Squealer

Telling tales on you for leaking secrets!

Build Status codecov Go Report Card Github Release GitHub All Releases

Squealer scans a local git repository for secrets that are being leaked deep within the commit history.

The built-in configuration has the following checks;

AWS

  • access key id
  • access secret key

Github

  • github token

Slack

  • slack token OAUTH
  • webhook url

Other

  • Asymmetric Private Key

Sometimes we have secrets committed to our projects, generally we can invalidate them and move on. If squealer is telling tales about a secret that you are aware of and has been mitigated, you can use the exception rule found in the output to register it as ignored.

Installation

curl -s "https://raw.githubusercontent.com/owenrumney/squealer/main/scripts/install.sh" | bash

Usage

Squealer is intended to be run either locally or as part of a CI process.

./squealer --help
Telling tales on your secret leaking

Usage:
  squealer [flags]

Flags:
      --concise                Reduced output.
      --config-file string     Path to the config file with the rules.
      --debug                  Include debug output.
      --everything             Scan all commits.... everywhere.
      --from-hash string       The hash to work back to from the starting hash.
  -h, --help                   help for squealer
      --no-git                 Scan as a directory rather than a git history.
      --output-format string   The format that the output should come in (default, json, sarif.
      --redacted               Display the results redacted.
      --to-hash string         The most recent hash to start with.

Config File

rules:
- rule: (A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}
  description: Check for AWS Access Key Id
- rule: (?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]
  description: Check for AWS Secret Access Key
- rule: (?i)github[_\-\.]?token[\s:,="\]']+?(?-i)[0-9a-zA-Z]{35,40}
  description: Check for Github Token 
- rule: https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}
  description: Check for Slack webhook
- rule: xox[baprs]-([0-9a-zA-Z]{10,48})?
  description: Check for Slack token
- rule: '-----BEGIN ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY( BLOCK)?-----'
  description: Check for Private Asymetric Key
ignore_paths:
- vendor
- node_modules
ignore_extensions:
- .zip
- .png
- .jpg
- .pdf
- .xls
- .doc
- .docx
exceptions:
- exception: release/update.go:D2IDetI6aidl58GE6dv5uAaWmXM=
  reason: This is a webhook that we got rid of - can be ignored in this file

Config breakdown

The config file is made up of the rules, ignore_prefixes, ignore_extensions and exceptions.

rules

Rules define the regular expression that is used to detect the secret. Requires a description for posterity.

ignore_paths

Ignore paths are folders that you don't want to look ing - generally vendor and the like.

ignore_extensions

Ignore extensions have the file types that won't be scanned. Binaries are automatically ignored.

exceptions

Exceptions are the entries that you've already handled and don't want to be reported any more.

Example Output

INFO[0000] Using a git scanner to process ../../tfsec/tfsec
INFO[0000] starting at hash 3bd04e7e17f2aad9e5f38826d88325798534a289

Content:      | access_key = "AKIAABCD12ABCDEF1ABC"
Filename:     | internal/app/tfsec/checks/aws044.go
Line No:      | 21
Secret Hash:  | bcE9jU2WV11OYs63eGHPZf1l9v8=
Commit:       | 4e68e1c5b3bc66982e4b7e6c5cc1c1642c87f83d
Committer:    | GitHub ([email protected])
Committed:    | 2020-10-21 21:59:22 +0100 +0100
Exclude rule: | internal/app/tfsec/checks/aws044.go:bcE9jU2WV11OYs63eGHPZf1l9v8=

Content:      | access_key = "AKIAABCD12ABCDEF1ABC"
Filename:     | docs-website/docs/aws/AWS044.md
Line No:      | 26
Secret Hash:  | bcE9jU2WV11OYs63eGHPZf1l9v8=
Commit:       | 8a7715f2cf5a2ac74a1e186792c476fd52ee1474
Committer:    | ¨Owen Rumney ([email protected])
Committed:    | 2021-01-24 19:04:27 +0000 +0000
Exclude rule: | docs-website/docs/aws/AWS044.md:bcE9jU2WV11OYs63eGHPZf1l9v8=

Processing:
  duration:     2.99s
  commits:      503
  commit files: 4095

transgressionMap:
  identified:   6
  ignored:      0
  reported:     2


INFO[0002] Exit code: 1

It's worth noting that these are known because they're examples in the documentation for tfsec - I can add them to the config.yaml as exclusions y using the Exclude rule

Credits

Image by Derangedmisfit

Comments
  • Bump alpine from 3.16.0 to 3.16.1

    Bump alpine from 3.16.0 to 3.16.1

    Bumps alpine from 3.16.0 to 3.16.1.

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies docker 
    opened by dependabot[bot] 1
  • Bump github.com/stretchr/testify from 1.7.3 to 1.7.5

    Bump github.com/stretchr/testify from 1.7.3 to 1.7.5

    Bumps github.com/stretchr/testify from 1.7.3 to 1.7.5.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies go 
    opened by dependabot[bot] 1
  • Bump github.com/stretchr/testify from 1.7.1 to 1.7.2

    Bump github.com/stretchr/testify from 1.7.1 to 1.7.2

    Bumps github.com/stretchr/testify from 1.7.1 to 1.7.2.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies go 
    opened by dependabot[bot] 1
  • Bump alpine from 3.15.2 to 3.15.3

    Bump alpine from 3.15.2 to 3.15.3

    Bumps alpine from 3.15.2 to 3.15.3.

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies docker 
    opened by dependabot[bot] 1
  • Bump github.com/owenrumney/go-sarif from 1.0.10 to 1.0.11

    Bump github.com/owenrumney/go-sarif from 1.0.10 to 1.0.11

    Bumps github.com/owenrumney/go-sarif from 1.0.10 to 1.0.11.

    Release notes

    Sourced from github.com/owenrumney/go-sarif's releases.

    v1.0.11

    Changelog

    9f33854 Bump github.com/zclconf/go-cty from 1.8.3 to 1.8.4 ed99015 Merge pull request #21 from owenrumney/dependabot/go_modules/github.com/zclconf/go-cty-1.8.4

    Commits
    • ed99015 Merge pull request #21 from owenrumney/dependabot/go_modules/github.com/zclco...
    • 9f33854 Bump github.com/zclconf/go-cty from 1.8.3 to 1.8.4
    • See full diff in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies go 
    opened by dependabot[bot] 1
  • Bump golang from 1.16.2-alpine to 1.16.5-alpine

    Bump golang from 1.16.2-alpine to 1.16.5-alpine

    Bumps golang from 1.16.2-alpine to 1.16.5-alpine.

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies docker 
    opened by dependabot[bot] 1
  • Bump golang from 1.16.2-alpine to 1.16.4-alpine

    Bump golang from 1.16.2-alpine to 1.16.4-alpine

    Bumps golang from 1.16.2-alpine to 1.16.4-alpine.

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies docker 
    opened by dependabot[bot] 1
  • Bump github.com/go-git/go-git/v5 from 5.2.0 to 5.3.0

    Bump github.com/go-git/go-git/v5 from 5.2.0 to 5.3.0

    Bumps github.com/go-git/go-git/v5 from 5.2.0 to 5.3.0.

    Release notes

    Sourced from github.com/go-git/go-git/v5's releases.

    v5.3.0

    Change Log

    • transport: ssh, fix cloning large repositories #272 (dcu)
    • diff: Allow srcPrefix and dstPrefix to be configured #265 (yabberyabber)
    • Remote: add RequireRemoteRefs to PushOptions #258 (asuffield)
    • plumbing: gitignore, Fix gitconfig path in LoadSystemPatterns doc #256 (andrewarchi)
    • plumbing: wire up contexts for Transport.AdvertisedReferences #246 (asuffield)
    • worktree: Don't remove root directory when cleaning #230 (hansmi)
    • *: add insecureSkipTLS and cabundle #228 (StrongMonkey)
    • git: worktree_commit, just store objects not already stored #224 (jsteuer)
    • plumbing: packp: adding "object-format" and "filter" capabilities #222 (rofc)
    • Submodule: fix relative submodule resolution #195 (adracus)
    • git: worktree, Support relative submodule URL. #184 (mikyk10)
    • config: add init.defaultBranch to the config #178 (tomlazar)
    • config: support insteadOf for remotes' URLs #79 (kostyay)
    Commits
    • d5ed15d plumbing: transport/ssh, fix no agent test on windows
    • b0ef4d4 go modules updated
    • 4ac486c github-action: update go version
    • 9d995cb *: fix flaky test
    • e5bbc4d plumbing: wire up contexts for Transport.AdvertisedReferences (#246)
    • 1f32838 transport: ssh, fix cloning large repositories (#272)
    • bf3471d add RequireRemoteRefs to PushOptions (#258)
    • 55ba7b2 diff: Allow srcPrefix and dstPrefix to be configured (#265)
    • 4519f59 plumbing: gitignore, Fix gitconfig path in LoadSystemPatterns doc (#256)
    • c66023a git: worktree_commit, just store objects not already stored (#224)
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies go 
    opened by dependabot[bot] 1
  • Bump golang from 1.16.2-alpine to 1.16.3-alpine

    Bump golang from 1.16.2-alpine to 1.16.3-alpine

    Bumps golang from 1.16.2-alpine to 1.16.3-alpine.

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies docker 
    opened by dependabot[bot] 1
  • Bump golang from 1.16.0-alpine to 1.16.2-alpine

    Bump golang from 1.16.0-alpine to 1.16.2-alpine

    Bumps golang from 1.16.0-alpine to 1.16.2-alpine.

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies docker 
    opened by dependabot[bot] 1
  • Bump gopkg.in/yaml.v2 from 2.2.8 to 2.4.0

    Bump gopkg.in/yaml.v2 from 2.2.8 to 2.4.0

    Bumps gopkg.in/yaml.v2 from 2.2.8 to 2.4.0.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies go 
    opened by dependabot[bot] 1
  • Bump alpine from 3.16.0 to 3.16.2

    Bump alpine from 3.16.0 to 3.16.2

    Bumps alpine from 3.16.0 to 3.16.2.

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies docker 
    opened by dependabot[bot] 0
  • panic creating shell completions

    panic creating shell completions

    Describe the bug Trying to create shell completions for squealer it panics.

    To Reproduce Steps to reproduce the behavior:

    1. wget https://github.com/owenrumney/squealer/releases/download/v1.1.0/squealer.linux.amd64
    2. chmod +x squealer.linux.amd64
    3. ./squealer.linux.amd64 completion
    4. ./squealer.linux.amd64 completion bash
    ./squealer.linux.amd64 completion 
    INFO[0000] Using a git scanner to process completion    
    panic: runtime error: invalid memory address or nil pointer dereference
    [signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x8c60f7]
    
    goroutine 1 [running]:
    github.com/owenrumney/squealer/internal/app/squealer/cmd.getScanner(0xc0000b4960, {0x7ffdad5610b5, 0xa})
    	/home/runner/work/squealer/squealer/internal/app/squealer/cmd/root.go:90 +0x2f7
    github.com/owenrumney/squealer/internal/app/squealer/cmd.squeal(0xc000150000, {0xc00012ee10, 0x1, 0x1})
    	/home/runner/work/squealer/squealer/internal/app/squealer/cmd/root.go:53 +0xe8
    github.com/spf13/cobra.(*Command).execute(0xc000150000, {0xc0000b8010, 0x1, 0x1})
    	/home/runner/work/squealer/squealer/vendor/github.com/spf13/cobra/command.go:856 +0x60e
    github.com/spf13/cobra.(*Command).ExecuteC(0xc000150000)
    	/home/runner/work/squealer/squealer/vendor/github.com/spf13/cobra/command.go:974 +0x3bc
    github.com/spf13/cobra.(*Command).Execute(...)
    	/home/runner/work/squealer/squealer/vendor/github.com/spf13/cobra/command.go:902
    main.main()
    	/home/runner/work/squealer/squealer/cmd/squealer/main.go:11 +0x7f
    
    
    opened by mikelolasagasti 0
  • Bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0

    Bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0

    Bumps github.com/sirupsen/logrus from 1.8.1 to 1.9.0.

    Commits
    • f8bf765 Merge pull request #1343 from sirupsen/dbd-upd-dep
    • ebc9029 update dependencies
    • 56c843c Merge pull request #1337 from izhakmo/fix-cve
    • 41b4ee6 update gopkg.in/yaml.v3 to v3.0.1
    • f98ed3e Merge pull request #1333 from nathanejohnson/bumpxsys
    • 2b8f60a bump version of golangci-lint
    • 0db10ef bump version of golang.org/x/sys dependency
    • 85981c0 Merge pull request #1263 from rubensayshi/fix-race
    • 79c5ab6 Merge pull request #1283 from sirupsen/dbd-log-doc
    • 5f8c666 Improve Log methods documentation
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies go 
    opened by dependabot[bot] 0
  • Bump github.com/stretchr/testify from 1.7.3 to 1.8.0

    Bump github.com/stretchr/testify from 1.7.3 to 1.8.0

    Bumps github.com/stretchr/testify from 1.7.3 to 1.8.0.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies go 
    opened by dependabot[bot] 0
  • Bump github.com/spf13/cobra from 1.4.0 to 1.5.0

    Bump github.com/spf13/cobra from 1.4.0 to 1.5.0

    Bumps github.com/spf13/cobra from 1.4.0 to 1.5.0.

    Release notes

    Sourced from github.com/spf13/cobra's releases.

    v1.5.0

    Spring 2022 Release 🌥️

    Hello everyone! Welcome to another release of cobra. Completions continue to get better and better. This release adds a few really cool new features. We also continue to patch versions of our dependencies as they become available via dependabot. Happy coding!

    Active help 👐🏼

    Shout out to @​marckhouzam for a big value add: Active Help spf13/cobra#1482. With active help, a program can provide some inline warnings or hints for users as they hit tab. Now, your CLIs can be even more intuitive to use!

    Currently active help is only supported for bash V2 and zsh. Marc wrote a whole guide on how to do this, so make sure to give it a good read to learn how you can add this to your cobra code! https://github.com/spf13/cobra/blob/master/active_help.md

    Group flags 🧑🏼‍🤝‍🧑🏼

    Cobra now has the ability to mark flags as required or exclusive as a group. Shout out to our newest maintainer @​johnSchnake for this! spf13/cobra#1654 Let's say you have a username flag that MUST be partnered with a password flag. Well, now, you can enforce those as being required together:

    rootCmd.Flags().StringVarP(&u, "username", "u", "", "Username (required if password is set)")
    rootCmd.Flags().StringVarP(&pw, "password", "p", "", "Password (required if username is set)")
    rootCmd.MarkFlagsRequiredTogether("username", "password")
    

    Flags may also be marked as "mutally exclusive" with the MarkFlagsMutuallyExclusive(string, string ... ) command API. Refer to our user guide documentation for further info!

    Completions 👀

    Documentation 📝

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies go 
    opened by dependabot[bot] 0
Releases(v1.1.0)
Owner
Owen Rumney
Owen Rumney
Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories: www.shhgit.com

shhgit helps secure forward-thinking development, operations, and security teams by finding secrets across their code before it leads to a security br

Paul 3.5k Sep 29, 2022
Allows you to replace a secret in a file using secrets manager

secrets inserter Allows you to replace a secret in a file using secrets manager. ::SECRET:secret-name:SECRET:: will be replaced with your secret-name

null 0 Dec 12, 2021
Find secrets and passwords in container images and file systems

Find secrets and passwords in container images and file systems

null 1.6k Sep 27, 2022
Friends don't let friends leak secrets on their terminal window

senv - safer env Friends don't let friends leak secrets in terminal windows. ?? Print your environment to the terminal without worry.

null 103 Aug 4, 2022
A tool for secrets management, encryption as a service, and privileged access management

Vault Please note: We take Vault's security and our users' trust very seriously. If you believe you have found a security issue in Vault, please respo

HashiCorp 25.9k Sep 26, 2022
Take a list of domains and scan for endpoints, secrets, api keys, file extensions, tokens and more...

Take a list of domains and scan for endpoints, secrets, api keys, file extensions, tokens and more... Coded with ?? by edoardottt. Share on Twitter! P

gilfoyle97 577 Sep 20, 2022
A containerd runc shim for replacing environment variables with external secrets

ext-secrets-runc-shim A containerd, runc-based, shim for replacing environment variables with secrets from arbitrary external engines. Quickstart Inst

Pelotech 8 Aug 9, 2022
QR secrets is a cryptographically secure mechanism to store secret data with the highest levels of security and store it on physical paper.

QR Secrets QR secrets is a cryptographically secure mechanism to store secret data with the highest levels of security. Incorporating; AES256-GCM-HKDF

Go Compile 0 Jan 12, 2022
PHP functions implementation to Golang. This package is for the Go beginners who have developed PHP code before. You can use PHP like functions in your app, module etc. when you add this module to your project.

PHP Functions for Golang - phpfuncs PHP functions implementation to Golang. This package is for the Go beginners who have developed PHP code before. Y

Serkan Algur 52 Aug 26, 2022
Create strong passwords using words that are easy for you to remember

Grasp Create strong passwords using words that are easy for you to remember A way to circumvent password complexity rules and restrictions while only

Luca Sepe 18 Jul 26, 2022
Use the tools you know. Respect users' privacy. Forget cookie consents. Comply with GDPR, ePrivacy, COPPA, CalOPPA, PECR, PIPEDA, CASL;

Privera Community Edition (CE) The Analytics' Anonymization Proxy Use the tools you know. Respect users' privacy. Forget cookie consents.

Privera 23 Apr 26, 2022
Serpscan is a powerfull php script designed to allow you to leverage the power of dorking straight from the comfort of your command line.

SerpScan Serpscan is a powerful PHP tool designed to allow you to leverage the power of dorking straight from the comfort of your command line. Table

Alaa Abdulridha 49 Sep 13, 2022
High-Performance Shortlink ( Short URL ) app creator in Golang. For privacy reasons, you may prefer to host your own short URL app and this is the one to use.

About The Project Shortlink App in Golang Multiple Node based Architecture to create and scale at ease Highly performant key-value storage system Cent

null 126 Sep 7, 2022
Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place

cent Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place Inst

null 362 Sep 17, 2022
Driftwood is a tool that can enable you to lookup whether a private key is used for things like TLS or as a GitHub SSH key for a user.

Driftwood is a tool that can enable you to lookup whether a private key is used for things like TLS or as a GitHub SSH key for a user. Drift

Truffle Security 304 Sep 20, 2022
Naabu - a port scanning tool written in Go that allows you to enumerate valid ports for hosts in a fast and reliable manner

Naabu is a port scanning tool written in Go that allows you to enumerate valid ports for hosts in a fast and reliable manner. It is a really simple tool that does fast SYN/CONNECT scans on the host/list of hosts and lists all ports that return a reply.

null 0 Jan 2, 2022
Proto-find is a tool for researchers that lets you find client side prototype pollution vulnerability.

proto-find proto-find is a tool for researchers that lets you find client side prototype pollution vulnerability. How it works proto-find open URL in

null 52 Sep 1, 2022
A static blog generator for telling tall tales

Gleeman Gleeman is a toy static blog generator that aims to be a simple way to tell tales. The term "gleeman" is taken from Robert Jordan's epic fanta

Brian Seitel 0 Jan 14, 2022
Secret - Prevent your secrets from leaking into logs and std*

secret - Prevent your secrets from leaking into logs and std* The package provid

Ravi Shekhar Jethani 16 Sep 27, 2022
Secretsmanager - Secrets management that allows you to store your secrets encrypted in git

I created secretsmanager to store some secrets within a repository. The secrets are encrypted at rest, with readable keys and editable JSON, so you can rename a key or delete it by hand. The cli tool handles the bare minumum of requirements.

Tit Petric 20 May 6, 2022