Thanks to all our contributors, users, and the many people that make detect-secrets
possible! ❤️
If you love detect-secrets
, please star our project on GitHub to show your support! ⭐
- Fixed a bug where we didn't skip sequential strings when we should have (#67)
- Changed
--audit
and--scan
toaudit
andscan
(#51) - Changed
scan --import <baseline>
toscan --update <baseline>
(#58)
- Reduced false-positives caused by sequential strings, e.g.
ABCDEF
(#64)
- Fixed a bug where the pre-commit code would remove the
is_secret
attribute from audited baselines (#65) - Fixed an
audit
bug where we would crash if a file in the baseline did not exist (#56) - Improved the
audit
functionality to handle short files better (#48)
- Fixed numbering system with interactive audit
- Fixed "leapfrog" edge case for audit functionality (#47)
- Added ability to migrate baselines from an older version to a newer version
- Added functionality to audit baseline, to distinguish difference between false and true positives in the baseline file (#44)
- Upgraded
PrivateKeyPlugin
: more search parameters, more lines searched, and secret hash created using payload (rather than the entire line content)
- Differentiate between
Base64HighEntropyStrings
andHexHighEntropyStrings
throughsecret_type
(#26) - Got rid of
SensitivityValues
as a means to store plugin configs
- Improved the heuristic for
HexHighEntropyStrings
, reducing the false positive rates for large numbers identified in code
- Baseline always outputs in sorted order now, to prevent unnecessary diffs (#25)
- Escape exclude regex statements before compilation (#39)
- Fixed case where details of plugins used were not included in the baseline, when the pre-commit hook updated it (#40)
- Simplified logging by removing
CustomLog
(#46)
- Allow scanning of non-git files (#18)
- Improved scanning of INI config files with
HighEntropyString
(#13, #17) - Improved scanning of YAML files with
HighEntropyString
(#16)
- Fixed PrivateKeyPlugin analyze results' representation (#15)