Analysis updated 2026-05-18
Scan a repository for accidentally hardcoded AWS, GitHub, Slack, or Stripe credentials
Run an incremental scan on just the files changed in your latest Git commits
Set up a daemon that emails alerts when critical secrets are found in new commits
| sphillips1337/repo-security-scan | 0xhassaan/nn-from-scratch | 3ks/embedoc | |
|---|---|---|---|
| Stars | 0 | 0 | — |
| Language | Python | Python | Python |
| Last pushed | — | — | 2023-06-08 |
| Maintenance | — | — | Dormant |
| Setup difficulty | easy | moderate | hard |
| Complexity | 2/5 | 4/5 | 1/5 |
| Audience | developer | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
Daemon and cron modes need additional email or scheduling configuration.
Repo Security Scanner is a command-line tool written in Python that scans the files in a local code repository and looks for secrets that should not be there, API keys, passwords, private encryption keys, and cloud service tokens that a developer accidentally hardcoded into source files. The goal is to catch these before they get committed to version control and potentially exposed publicly. The scanner walks through a directory recursively, applying regular expression patterns to each file's content. It recognizes specific formats for AWS credentials, GitHub personal access tokens, RSA and other private key types, and keys for services including Slack, Stripe, Twilio, SendGrid, DigitalOcean, and Google APIs, along with generic patterns for password assignments and database connection strings. Three scan modes are available: a full scan of all files, a quick scan that checks only the highest-priority patterns, and an incremental scan that looks only at files changed in Git since a specified point. Findings are ranked by severity (CRITICAL, HIGH, MEDIUM, LOW), duplicate secrets found in multiple files are consolidated, and binary or large files are skipped automatically. The tool can run as a one-off scan from the command line, as a scheduled daemon that monitors for new commits and emails alerts when critical findings appear, or via cron for background monitoring. It also includes a Model Context Protocol (MCP) server, allowing AI assistants to run scans and retrieve reports programmatically. Configuration is handled through a YAML file and environment variables. The full README is longer than what was provided.
A command-line scanner that finds hardcoded API keys, passwords, and secrets in your code before they get committed to version control.
Mainly Python. The stack also includes Python, YAML, MCP.
Setup difficulty is rated easy, with roughly 5min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.