Scan SaaS sources for leaked secrets. Backend-agnostic (trufflehog, gitleaks, native regex), source-agnostic (filesystem, plus every connector saas-scraper provides).

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for hikae from gravatar.com hikae

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: AGPL-3.0-or-later
    SPDX License Expression
  • Author: pleno
  • Tags dlp , gitleaks , saas , scanner , secrets , trufflehog
  • Requires: Python >=3.12
  • Provides-Extra: dev
Classifiers
Report project as malware

Project description

pleno-secret-scanner (Python)

Python CLI that scans SaaS content for leaked secrets, backed by saas-scraper for source collection and a pluggable detection backend (trufflehog, gitleaks, or a tiny built-in regex set).

The Go binary in this repo (cmd/pleno-secret-scanner) remains for filesystem-only scans; the Python package is the path forward for any SaaS source.

Install

uv tool install pleno-secret-scanner
# or
pipx install pleno-secret-scanner
playwright install chromium

Usage

# Scan a Slack workspace using the trufflehog backend (requires trufflehog on PATH)
pleno-secret-scanner scan slack --workspace acme --backend trufflehog

# Scan a GitHub repo with the built-in native backend (no system deps)
pleno-secret-scanner scan github --owner plenoai --repo saas-scraper

# Output formats
pleno-secret-scanner scan slack --workspace acme --format sarif > findings.sarif

Backends

Backend Verifies System dep
trufflehog yes (per-detector) trufflehog CLI on PATH
gitleaks no gitleaks CLI on PATH
native no none — bundled regex set (AWS, GitHub PAT, Slack bot, OpenAI, Anthropic)

Connectors

Anything saas-scraper provides: filesystem, slack, github, gitlab, bitbucket, jira, confluence, notion. New connectors land in saas-scraper and become immediately available here.

Release

Tag py-vX.Y.Z triggers PyPI trusted publishing via GitHub Actions.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for hikae from gravatar.com hikae

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: AGPL-3.0-or-later
    SPDX License Expression
  • Author: pleno
  • Tags dlp , gitleaks , saas , scanner , secrets , trufflehog
  • Requires: Python >=3.12
  • Provides-Extra: dev
Classifiers

Release history Release notifications | RSS feed

0.4.0

0.3.0

This version

0.2.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pleno_secret_scanner-0.2.0.tar.gz (9.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

pleno_secret_scanner-0.2.0-py3-none-any.whl (15.3 kB view details)

Uploaded Python 3

File details

Details for the file pleno_secret_scanner-0.2.0.tar.gz.

File metadata

  • Download URL: pleno_secret_scanner-0.2.0.tar.gz
  • Upload date:
  • Size: 9.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.12.8

File hashes

Hashes for pleno_secret_scanner-0.2.0.tar.gz
Algorithm Hash digest
SHA256 8a70d3433f53ba60d8ee2a27df4d54ad6d404e0924c7c243d72025ffbbf591f9
MD5 4fd209a40ea363f8624c2348d9e530d7
BLAKE2b-256 f7d37b5ac74c389cff639d83eaf88387bc3635acbe8112266bd74ff351c4c053

See more details on using hashes here.

Provenance

The following attestation bundles were made for pleno_secret_scanner-0.2.0.tar.gz:

Publisher: release-py.yml on plenoai/pleno-secret-scanner

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file pleno_secret_scanner-0.2.0-py3-none-any.whl.

File metadata

File hashes

Hashes for pleno_secret_scanner-0.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 4e2a35730004d7fda507004a8897f48e31582f4a5147bdb203ebef887390d6bc
MD5 e9847b89edb447c85b7833907aedd074
BLAKE2b-256 f6d27709f1e67c1b0bc62ac1a2f087c910923ecaa8a6614250b60e2f96242998

See more details on using hashes here.

Provenance

The following attestation bundles were made for pleno_secret_scanner-0.2.0-py3-none-any.whl:

Publisher: release-py.yml on plenoai/pleno-secret-scanner

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page