GitGuardian introduced a free tool called ‘HasMySecretLeaked’ to assist security engineers in proactively checking if their organization’s confidential information has been exposed on GitHub.com.
The tool addresses a common problem in cloud-native development: secrets sprawl across developer tools, and once they sprawl they leak. According to the company, leaks are especially likely outside working hours, when developers push to personal GitHub repositories that the organization neither monitors nor controls.
“HasMySecretLeaked” is backed by a private database of more than 20 million hashed secrets found in public sources, including GitHub.com. A user submits a hashed version of a secret in the search console, and GitGuardian checks it for an exact match against the database; the plaintext secret is never sent, and the response reveals nothing about other entries or where they were found.
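The following is an added example, not GitGuardian's own code or protocol, that models the hashed-lookup flow the paragraph describes: the client hashes the secret locally, the server holds only hashes, and a query can only confirm or deny an exact match. SHA-256 as the hash, the `HashedLeakIndex` and `check_secrets` names, and the sample "leaked" values and locations are all assumptions made for illustration; the strings are constructed placeholders, not real credentials.

```python
import hashlib
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed sample data: made-up placeholder strings standing in for secrets that
# appeared in public commits, paired with a made-up location. Not real credentials.
LEAKED_CORPUS: List[Tuple[str, str]] = [
    ("AKIAEXAMPLE0000000001", "github.com/example-user/dotfiles@a1b2c3d:.aws/credentials"),
    ("ghp_examplePersonalAccessToken000000", "github.com/example-user/ci-scripts@e4f5a6b:deploy.sh"),
    ("postgres://app:hunter2@db.internal:5432/prod", "github.com/example-user/notes@0c1d2e3:README.md"),
]


def hash_secret(secret: str) -> str:
    """Client side: derive the lookup key locally so the plaintext never leaves the machine.

    SHA-256 over the UTF-8 bytes is an assumption made for this example; the article
    does not say which hash function the real service uses.
    """
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()


class HashedLeakIndex:
    """Simulated server side: an index keyed by secret hash.

    It stores no plaintext and answers only for the exact hash it is given, so a
    caller cannot enumerate other entries or learn their locations.
    """

    def __init__(self, corpus: Iterable[Tuple[str, str]]):
        self._by_hash: Dict[str, str] = {hash_secret(s): loc for s, loc in corpus}

    def lookup(self, secret_hash: str) -> Optional[str]:
        """Return the location of an exact match, or None if the hash is unknown."""
        return self._by_hash.get(secret_hash)


def check_secrets(named_secrets: Dict[str, str], index: HashedLeakIndex) -> Dict[str, Optional[str]]:
    """Client side: check a batch of secrets (e.g. pulled from a vault) by hash.

    Returns a mapping from the caller's own name for each secret to the leak
    location (or None). Values are hashed before use and never appear in the result.
    """
    return {name: index.lookup(hash_secret(value)) for name, value in named_secrets.items()}


if __name__ == "__main__":
    index = HashedLeakIndex(LEAKED_CORPUS)
    # Constructed stand-in for what a vault export would look like: name -> value.
    vault_dump = {
        "aws/prod/access-key": "AKIAEXAMPLE0000000001",
        "github/ci-token": "ghp_rotatedTokenThatNeverLeaked0000000",
        "db/prod/url": "postgres://app:hunter2@db.internal:5432/prod",
    }
    for name, location in check_secrets(vault_dump, index).items():
        status = f"LEAKED at {location}" if location else "no match"
        print(f"{name}: {status}")
```

Two caveats a practitioner should keep in mind. Hashing only protects a secret in transit to the extent the secret is high-entropy: a short or dictionary-like value can be recovered from its hash by brute force, so the lookup key should be treated as sensitive too. And a hit is a signal to rotate, not just to audit: a leaked credential is compromised regardless of where the copy was found.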
“Knowing whether your ‘vaulted’ secrets have leaked publicly is just one API call away. We built a privacy-safe and secure process that returns an unequivocal answer to the crucial question: Has my secret leaked?” said Eric Fourrier, co-founder and CEO of GitGuardian.
Starting today, GitGuardian users can query “HasMySecretLeaked” directly from the ggshield command-line interface. ggshield also ships plugins that read secrets from HashiCorp Vault and AWS Secrets Manager, so vaulted secrets can be checked for leaks from the local environment without being exported elsewhere.
The feature is also integrated into the GitGuardian Platform, which alerts security teams when a hardcoded secret already detected in an organization-owned repository, Slack workspace, or Jira project also turns up in a public source outside the organization’s control or visibility.
GitGuardian scans every public commit on GitHub for exposed sensitive information such as API keys, database credentials, and other developer secrets. It detected 3 million exposed secrets in 2020, 6 million in 2021, and 10 million in 2022.