TruffleHog
Secret scanner for git history, CI pipelines, and filesystems that, where it is safe to do so, verifies candidate credentials against the issuing service's live API.
Why it is included
Widely used open-source engine that produces high-signal secret findings, going beyond simple regex matching by verifying whether a detected credential is live.
Best for
Org-wide secret hygiene in GitHub/GitLab and pre-commit developer workflows.
Strengths
- Verified secrets
- Many detectors
- Enterprise option exists
Limitations
- Community edition is licensed AGPL-3.0; review the license implications for how you distribute or embed it
Good alternatives
Gitleaks · git-secrets
Related tools
- Gitleaks (Security & Privacy): Secret scanning for git repos and CI pipelines.
- Semgrep (Security & Privacy): Static analysis engine matching AST patterns; rules for OWASP classes, secrets, and custom policies.
- Trivy (Security & Privacy): All-in-one scanner for container images, IaC, Kubernetes manifests, SBOMs, and VM OS packages with CI integrations.
- Kubescape (Security & Privacy): Kubernetes security scanner for misconfigurations, RBAC, compliance frameworks (NSA/CIS), and image vulnerabilities.
- Nikto (Security & Privacy): Web server scanner that probes for dangerous files, outdated software, and misconfigurations via many checks.
- Nuclei (Security & Privacy): Fast vulnerability scanner driven by YAML templates; used for recon, misconfigs, CVEs, and custom checks at scale.
