During a code review, a developer discovers hardcoded AWS access keys in a configuration file that was committed to the repository. Which tool is specifically designed to detect such secrets in code repositories?
Trap 1: tfsec
tfsec scans Terraform configurations for security issues, not hardcoded secrets.
Trap 2: Checkov
Checkov scans Infrastructure as Code for misconfigurations, not hardcoded secrets.
Trap 3: Snyk
Snyk is primarily for dependency vulnerability scanning, not secrets detection.
- A
GitGuardian
GitGuardian detects secrets in code repositories, including hardcoded cloud credentials.
- B
tfsec
Why wrong: tfsec scans Terraform configurations for security issues, not hardcoded secrets.
- C
Checkov
Why wrong: Checkov scans Infrastructure as Code for misconfigurations, not hardcoded secrets.
- D
Snyk
Why wrong: Snyk is primarily for dependency vulnerability scanning, not secrets detection.