Module ghsec::checks::repository_secrets


The repository_secrets check lists the secrets that are defined in a repository.

Currently, this check only lists the names of the secrets found in the repository being analyzed; the values themselves are not retrieved. Since secrets usually hold credentials (passwords, API tokens, deploy keys, etc.) and are a high-value target for an attacker who gains write access to a workflow, knowing whether a repository defines any secrets, and which ones, is useful in itself.

If a secret name matches the regular expression passed with --repository-secrets-warn-secret-names, the secret is reported as a warning instead of an information message. This lets you separate the more critical secrets from the less critical ones. Because only the name is matched, the filter is only as good as the naming convention used for the secrets.

When running with --fix, this check currently does nothing: there is no automatic remediation for a defined secret.
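As an added illustration (this is example code, not ghsec's own source), the classification rule described above written out in Rust. The secret names are constructed sample data; the data source is assumed to be a listing of GitHub Actions repository secrets, which exposes names only; and the warn pattern is stood in for by a case-insensitive keyword predicate so that the example needs no external crate (in ghsec the predicate would be the compiled --repository-secrets-warn-secret-names regular expression). Names and functions such as `classify_secrets` and `keyword_predicate` are hypothetical.

```rust
use std::fmt;

/// Severity of a finding: a secret whose name matches the warn pattern is
/// reported as a warning, every other secret as plain information.
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub enum Severity {
    Info,
    Warning,
}

/// One reported secret. Only the name is known: a GitHub Actions secrets
/// listing (the assumed data source) never returns secret values.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Finding {
    pub severity: Severity,
    pub secret_name: String,
}

impl fmt::Display for Finding {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        let tag = match self.severity {
            Severity::Warning => "WARN",
            Severity::Info => "INFO",
        };
        write!(f, "[{tag}] repository secret defined: {}", self.secret_name)
    }
}

/// Classify every secret name. `is_critical` plays the role of
/// `--repository-secrets-warn-secret-names`: in ghsec it would be the compiled
/// regex's `is_match`; here any predicate is accepted so the example stays
/// free of external crates. `None` means no pattern was given, in which case
/// every secret is informational.
pub fn classify_secrets<F>(secret_names: &[&str], is_critical: Option<F>) -> Vec<Finding>
where
    F: Fn(&str) -> bool,
{
    let mut findings: Vec<Finding> = secret_names
        .iter()
        .map(|name| {
            let severity = match &is_critical {
                Some(pred) if pred(*name) => Severity::Warning,
                _ => Severity::Info,
            };
            Finding { severity, secret_name: (*name).to_string() }
        })
        .collect();
    // Warnings first, then alphabetical, so the critical names sit on top.
    findings.sort_by(|a, b| {
        b.severity
            .cmp(&a.severity)
            .then_with(|| a.secret_name.cmp(&b.secret_name))
    });
    findings
}

/// Case-insensitive keyword predicate used by the demo in place of a regex
/// (hypothetical helper; a real run would compile the user's pattern).
pub fn keyword_predicate(keywords: &'static [&'static str]) -> impl Fn(&str) -> bool {
    move |name: &str| {
        let lower = name.to_ascii_lowercase();
        keywords.iter().any(|k| lower.contains(k))
    }
}

/// Constructed sample secret names; not taken from any real repository.
pub const SAMPLE_SECRET_NAMES: &[&str] = &[
    "CODECOV_TOKEN",
    "AWS_ACCESS_KEY_ID",
    "NPM_TOKEN",
    "PROD_DEPLOY_KEY",
    "SLACK_WEBHOOK_URL",
];

/// Run the check with a stand-in for the pattern `(?i)(aws|prod|deploy)`.
pub fn demo() -> Vec<Finding> {
    let pred = keyword_predicate(&["aws", "prod", "deploy"]);
    classify_secrets(SAMPLE_SECRET_NAMES, Some(pred))
}

fn main() {
    for finding in demo() {
        println!("{finding}");
    }
    println!("--- without a warn pattern ---");
    // With no pattern, every secret is reported as information.
    for finding in classify_secrets::<fn(&str) -> bool>(SAMPLE_SECRET_NAMES, None) {
        println!("{finding}");
    }
}
```

With the keyword stand-in, AWS_ACCESS_KEY_ID and PROD_DEPLOY_KEY come out as warnings and the other three as information; the same names with no pattern are all information, which is the behaviour a practitioner should expect when the flag is omitted.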

Sources

Structs