We all have secrets to hide, but that doesn’t prevent some developers from inadvertently exposing these secrets in their Git repositories. By ‘secrets’, I mostly mean credentials and API keys that, unfortunately, can end up in plain text in code files or text documents pushed to GitHub.
So, what can you do to prevent this?
Whether for defensive or offensive purposes, Nosey Parker is the tool you need to uncover the little secrets hidden in the dark corners of GitHub’s code and text files.
This tool can scan files, directories, and the entire history of Git repositories, including commits that are no longer reachable from the current tree. It combs through them using regular expressions and, upon finding something, stores the match in a datastore.
This enables you to conduct code audits or simply ensure you’re not the ‘distracted developer’ I mentioned at the start of this article.
To use Nosey Parker, you can launch it via Docker or download the tool for macOS or Linux from the provided link.
To scan a local Git repository and store the results in a datastore, you should use the following command:
noseyparker scan --datastore cpython cpython.git
If you wish to scan a Git repository online, it’s straightforward:
noseyparker scan --datastore noseyparker --git-url https://github.com/praetorian-inc/noseyparker
To review a scan’s findings from its datastore:
noseyparker summarize --datastore noseyparker
And for a detailed report:
noseyparker report --datastore noseyparker
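To make the scan / summarize / report cycle above concrete, here is a small added example that mimics what Nosey Parker does under the hood. It is not Nosey Parker’s own code: the three regex rules, the SQLite table layout, the redaction helper and the sample “blobs” (which stand in for a file at HEAD and the same file at an older, placeholder commit id) are all assumptions constructed for this illustration. The point it makes is the one that matters for a code audit: a key that was later moved into an environment variable is still sitting in the repository’s history.

```python
"""Toy regex secret scanner: scan -> datastore -> summarize -> report.

Added example, not Nosey Parker's code. Rules, schema and sample data are
assumptions constructed for illustration only.
"""
import re
import sqlite3
from dataclasses import dataclass

# Illustrative rule set (Nosey Parker ships a far larger one of its own).
# The AKIA prefix and the ghp_ prefix are the documented formats of AWS
# access key IDs and GitHub personal access tokens; the generic rule is a
# loose heuristic written for this example.
RULES = {
    "AWS Access Key ID": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "GitHub Personal Access Token": re.compile(r"\b(ghp_[A-Za-z0-9]{36})\b"),
    "Generic API key assignment": re.compile(
        r"""(?i)\b(?:api[_-]?key|secret|token)\s*[=:]\s*['"]([A-Za-z0-9_\-]{16,})['"]"""
    ),
}

# Constructed sample content, keyed as "<revision>:<path>" to imitate walking
# Git history. The AKIA value is AWS's published example key, not a live key.
SAMPLE_BLOBS = {
    # Current tree: the key was moved to an environment variable...
    "HEAD:src/config.py": (
        'AWS_REGION = "us-east-1"\n'
        'AWS_ACCESS_KEY_ID = os.environ["AWS_ACCESS_KEY_ID"]\n'
    ),
    # ...but an older commit (placeholder id) still carries it in plain text.
    "commit-placeholder-1:src/config.py": (
        'AWS_REGION = "us-east-1"\n'
        'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'
    ),
    "HEAD:deploy/notes.txt": (
        'curl -H "Authorization: token ghp_' + "A" * 36 + '" https://api.github.com/user\n'
    ),
    "HEAD:settings.ini": 'api_key = "sk-constructed-0123456789abcdef"\n',
}


@dataclass(frozen=True)
class Finding:
    rule: str
    path: str
    line_no: int
    snippet: str  # redacted, never the full secret


def redact(secret: str) -> str:
    """Keep a short prefix so a report can identify a key without reproducing it."""
    return secret[:4] + "*" * (len(secret) - 4)


def scan_blob(path: str, text: str) -> list[Finding]:
    """Run every rule over every line of one blob."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES.items():
            for m in pattern.finditer(line):
                findings.append(Finding(rule, path, line_no, redact(m.group(1))))
    return findings


def scan_into_datastore(blobs: dict[str, str], conn: sqlite3.Connection) -> int:
    """Scan all blobs and persist findings; returns the number of new rows."""
    conn.execute(
        "CREATE TABLE IF NOT EXISTS findings ("
        "rule TEXT, path TEXT, line_no INTEGER, snippet TEXT, "
        "UNIQUE(rule, path, line_no, snippet))"
    )
    inserted = 0
    for path, text in blobs.items():
        for f in scan_blob(path, text):
            cur = conn.execute(
                "INSERT OR IGNORE INTO findings VALUES (?, ?, ?, ?)",
                (f.rule, f.path, f.line_no, f.snippet),
            )
            inserted += cur.rowcount
    conn.commit()
    return inserted


def summarize(conn: sqlite3.Connection) -> dict[str, int]:
    """Findings per rule, in the spirit of `noseyparker summarize`."""
    return dict(conn.execute("SELECT rule, COUNT(*) FROM findings GROUP BY rule ORDER BY rule"))


def report(conn: sqlite3.Connection) -> list[tuple]:
    """Every finding with its location, in the spirit of `noseyparker report`."""
    return [
        tuple(r)
        for r in conn.execute(
            "SELECT rule, path, line_no, snippet FROM findings ORDER BY rule, path, line_no"
        )
    ]


def run_sample() -> tuple[int, dict[str, int], list[tuple]]:
    """Whole cycle on the constructed sample, using an in-memory datastore."""
    conn = sqlite3.connect(":memory:")
    count = scan_into_datastore(SAMPLE_BLOBS, conn)
    return count, summarize(conn), report(conn)


if __name__ == "__main__":
    count, summary, rows = run_sample()
    print(f"{count} findings")
    for rule, n in summary.items():
        print(f"  {n:3d}  {rule}")
    for rule, path, line_no, snippet in rows:
        print(f"{path}:{line_no}  {rule}: {snippet}")
```

Running it lists one finding per rule. The AWS key is reported at `commit-placeholder-1:src/config.py:2` even though the current `HEAD` version of that file reads it from the environment, which is exactly why the tool scans full history rather than just the checked-out tree; rotating such a key is the only fix, since rewriting history does not recall clones that already exist.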
There you have it: detailed insights into any leaked secrets. Obviously, Nosey Parker should be used responsibly, to secure your own code or for authorized audit engagements.