Trufflehog does a good job and GitGuardian is amazing. What's new with yours?
P.S.: I have contributed to those projects in the past.
lexokoh 257 days ago [-]
We built customized components for RSC and Logs. You should check it out. It's a bit different from what's out there, and this is from the feedback we got from the team we are working with.
lexokoh 257 days ago [-]
Would really love your feedback and you can contribute as well
nonamepcbrand1 257 days ago [-]
Sounds good! will take a look soon :)
mvdtnz 257 days ago [-]
I tried scanning one repository (gitlab/gitlab) and it spun for a couple of minutes then failed with "Network Error." No other error details are available.
lexokoh 257 days ago [-]
Sorry about that. Is it a private or large repo? If so, you need to scan it from the CLI.
I am checking if there's any issue right now.
thih9 257 days ago [-]
> Is it a private or large repo?
I entered "rtyley/small-test-repo" which is public and small - and also got "Request failed with status code 400. Try again".
lexokoh 257 days ago [-]
Yah, server overload for the web version. Taking a look now. Sorry about that.
You can try again. I just tried it.
mvdtnz 257 days ago [-]
Yes gitlab/gitlab is a large repo.
lexokoh 257 days ago [-]
Just run `npx securelog-scan` locally on the repo. You don't need to install it if you don't want to.
trees101 257 days ago [-]
It would be handy, in the age of AI, to be able to dynamically scrub data that gets copied/pasted into the AI.
It's too easy to leak secrets, or even doxx yourself through file paths containing your name etc.
I'd love to find a tool that made scrubbing that data easy.
As a security engineer, I started building this tool, but my feedback was so poor that no one cared about pasting secrets or personal data into LLM chats.
lexokoh 257 days ago [-]
We are working on this for the next release. Happy to get your feedback on it if possible.
trees101 257 days ago [-]
Great.
I implemented my own simple prototype, a Python script that edits my clipboard. I used the pyperclip module and a YAML file with a list of key words to substitute.
Substitution is necessary rather than removal, so that the AI's responses are still useful.
I got basic functions working but there are some nice-to-have things missing.
E.g. bidirectional info preservation. Ideally, if I change the /my_full_name/ file path, I want it to be translated to /john_doe/, and when the LLM gives back its response, I want to be able to paste /my_full_name/ back.
Also, preferably it would be highly automated, where I have to manually run my script to edit my clipboard.
Also, nice to have it work for non-manual cases such as when using aider-chat.
Further down the line, automated redaction of screenshots.
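Added example, not code from the thread or from securelog: a minimal bidirectional scrubber of the kind described above. The mapping below is a constructed stand-in for the YAML keyword file, and the pyperclip hook at the bottom is assumed rather than taken from the prototype.

```python
import re

# Constructed sample mapping: real value -> stand-in. In the prototype this
# comes from a YAML file; here it is inline so the module runs stand-alone.
MAPPING = {
    "/Users/alice_smith/": "/Users/john_doe/",
    "alice_smith": "john_doe",
    "acme-internal.example": "corp.example",
}


def _validate(mapping):
    # restore() inverts the mapping, so every stand-in must be unique.
    stand_ins = list(mapping.values())
    if len(set(stand_ins)) != len(stand_ins):
        raise ValueError("stand-in values must be unique for restore() to work")


def _compile(keys):
    # Longest key first, so "/Users/alice_smith/" is replaced as a unit
    # instead of the bare "alice_smith" inside it being hit first.
    ordered = sorted(keys, key=len, reverse=True)
    return re.compile("|".join(re.escape(k) for k in ordered))


def scrub(text, mapping=MAPPING):
    """Replace real values with stand-ins before the text leaves the machine."""
    _validate(mapping)
    return _compile(mapping).sub(lambda m: mapping[m.group(0)], text)


def restore(text, mapping=MAPPING):
    """Map stand-ins in an LLM reply back to the real values (inverse of scrub)."""
    _validate(mapping)
    reverse = {v: k for k, v in mapping.items()}
    return _compile(reverse).sub(lambda m: reverse[m.group(0)], text)


if __name__ == "__main__":
    # Assumed clipboard wiring: `python scrubber.py` before pasting into the chat,
    # `python scrubber.py --restore` after copying the reply. Needs pyperclip.
    import sys
    import pyperclip

    clip = pyperclip.paste()
    pyperclip.copy(restore(clip) if "--restore" in sys.argv else scrub(clip))
```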
lexokoh 257 days ago [-]
This is great. I am happy to collaborate. If you fill out the contact form on the site, I'll contact you to try it out. Or open an issue.
powerful rules functionality to recursively search directories for sensitive information in files.
At its core, Pillager is designed to assist you in determining if a system is affected by common sources of credential leakage as documented by the MITRE ATT&CK framework.
Good for catching those "Oops, I deployed the company password list again" SNAFUs.
lexokoh 257 days ago [-]
Nice, I like some of the concepts.
https://github.com/brittonhayes/pillager
https://terminaltrove.com/pillager/ <-- TerminalTrove is worth regularly checking.