We all have secrets to hide, but that doesn’t prevent some developers from inadvertently exposing these secrets in their Git repositories. By ‘secrets’, I mostly mean credentials and API keys that end up in plain text in code files or text documents pushed to GitHub.
So, what can you do to prevent this?
Whether for defensive or offensive purposes, Nosey Parker is the tool you need to uncover the little secrets hidden in the dark corners of GitHub’s code and text files.
This tool can scan files, directories, and the entire history of Git repositories. It combs through them using regular expressions and, upon finding something, stores it in a datastore.
This enables you to conduct code audits or simply ensure you’re not the ‘distracted developer’ I mentioned at the start of this article.
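Why scanning the full history matters, as an added example that is not Nosey Parker's code: a small regex scanner run over a constructed commit history, once on the latest files only and once on every commit. The two rules, the commit ids and the file contents are assumptions made up for the illustration.

```python
import re
from collections import defaultdict

# Illustrative rules only; these are not Nosey Parker's own rule set.
RULES = {
    "aws_access_key_id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "github_pat": re.compile(r"\b(ghp_[A-Za-z0-9]{36})\b"),
}

# Constructed history, oldest first: (commit id, path, file content).
# The key is AWS's documented example value; the token is a dummy string.
HISTORY = [
    ("c1", "deploy.sh", "export AWS_KEY=AKIAIOSFODNN7EXAMPLE\n./deploy\n"),
    ("c2", "ci.yml", "token: ghp_" + "a" * 36 + "\n"),
    ("c3", "deploy.sh", 'export AWS_KEY="$AWS_KEY_FROM_VAULT"\n./deploy\n'),
    ("c4", "ci.yml", "token: ${{ secrets.CI_TOKEN }}\n"),
]

def scan(snapshots):
    """Return {(rule, secret): [(commit, path, line_no), ...]}.

    Keying on (rule, secret) deduplicates a value seen in many places
    while keeping every location where it appeared."""
    findings = defaultdict(list)
    for commit, path, content in snapshots:
        for line_no, line in enumerate(content.splitlines(), start=1):
            for rule, pattern in RULES.items():
                for match in pattern.finditer(line):
                    findings[(rule, match.group(1))].append((commit, path, line_no))
    return dict(findings)

def working_tree(history):
    """Latest version of each path: what a scan of checked-out files sees."""
    latest = {}
    for commit, path, content in history:
        latest[path] = (commit, path, content)
    return list(latest.values())

if __name__ == "__main__":
    # The "fixed" files look clean, yet both secrets are still in history.
    print("working tree:", scan(working_tree(HISTORY)))
    for (rule, secret), locations in scan(HISTORY).items():
        print(rule, secret[:8] + "...", locations)
```

A secret found only in old commits is still exposed to anyone who can clone the repository, so it needs to be revoked and rotated, not just deleted from the current files.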
To use Nosey Parker, you can launch it via Docker or download the tool for macOS or Linux from the provided link.
To scan a local Git repository and store the results in a datastore, you should use the following command:
noseyparker scan --datastore cpython cpython.git
If you wish to scan a Git repository online, it’s straightforward:
noseyparker scan --datastore noseyparker --git-url https://github.com/praetorian-inc/noseyparker
To review a scan’s findings from its datastore:
noseyparker summarize --datastore noseyparker

And for a detailed report:
noseyparker report --datastore noseyparker

There you have it: detailed insights into any data leaks. Obviously, Nosey Parker should be used responsibly to secure your own code or for authorized audit missions.
You can find Nosey Parker here.
