Hello everyone, I am sharing a small change that I did in the detect-secrets tool which is my client's requirement. My client wants to use the “custom filter” in the Detect-Secrets but also wants, that no other option will be added while using it. Example: detect-secrets scan --filter custom_filter.py::is_invalid_secret The reason to add the filter code in the tool code, so that anybody in the company, directly can use it without remembering any options and the path of the filter file like in the above example. What is the filter in Detect-Secrets? The filter is something that you don’t want to scan at the time of repo scan by detect-secrets . Like your organization use “AppID = dasdsfdsfsdfsf”, so for “ Detect-secrets ” this is secret but for your organization, it’s a normal value. So if you want fewer false-positive results then we use the filters. How to add filter code in code and build the detect secret? Step1: Clone the “ Detect-Secrets ” tool repo. git clone https://githu
A blog is all about cyber security, WAPT, VAPT, API Security Testing, Scripts, Automation and Random stuff