From the course: Building Your First DevSecOps Pipeline in AWS

Integrating secrets scanning into DevSecOps

In a modern development environment, secrets are a necessity. We have to use secrets for API calls or for authentication. Security best practice is to use a secret repository to store those secrets and retrieve them when needed. But sometimes secrets get left in code. We need to scan for those secrets in our DevSecOps pipeline.

Secret scanning involves scanning the source code or open-source repositories for unintended secrets left in the open. These could include secrets like passwords or access keys. Good secret scanning tools work well in the DevSecOps pipeline. They usually also work well in the IDE. The sooner a developer fixes the issue, the easier the fix. And developers always like to work in their own environment when possible.

There are several tools that can be used for scanning. TruffleHog and SecretScanner are third-party options. But CodeGuru combined with Q can also scan for secrets. This is a representation of how secret scanning fits into the CI/CD. Secret scanning tends to…
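The kind of check the transcript describes, as an added example that is not the course's code and not TruffleHog, SecretScanner or CodeGuru: a small scanner that a pipeline stage or pre-commit hook could run over source files. It combines the two techniques the real tools rely on, fixed-format signatures (the public AKIA/ASIA prefix of AWS access key IDs, the ghp_ prefix of GitHub classic tokens, PEM private-key headers) and a Shannon-entropy check on quoted values assigned to secret-looking variable names. The sample source, the `secret-scan: ignore` allowlist pragma and the 3.5 bits-per-character threshold are constructed for this example; the AWS key values are the example credentials AWS uses in its own documentation.

```python
"""Minimal secrets scanner for a CI step or pre-commit hook.

Added example for this page; not the course's code and not any named tool.
Two techniques: fixed-format signatures for known credential types and a
Shannon-entropy check on values assigned to secret-looking variables.
"""
import math
import re
import sys
from dataclasses import dataclass

IGNORE_PRAGMA = "secret-scan: ignore"   # assumed per-line allowlist marker
ENTROPY_THRESHOLD = 3.5                 # bits per character; assumed tuning

# Signature rules: the whole match is the secret.
SIGNATURE_RULES = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# Heuristic rule: a quoted value (group 1) assigned to a variable whose name
# suggests a secret. Reported only when the value's entropy is high, which
# filters placeholders such as "changeme" the way real scanners do.
GENERIC_ASSIGNMENT = re.compile(
    r"(?i)\b\w*(?:secret|password|passwd|token|api[_-]?key)\w*\s*[:=]\s*"
    r"['\"]([^'\"]{8,})['\"]"
)


@dataclass
class Finding:
    path: str
    line: int
    rule: str
    redacted: str   # CI logs are widely readable; never print the full secret
    entropy: float


def shannon_entropy(value: str) -> float:
    """Bits of entropy per character of `value` (0.0 for empty input)."""
    if not value:
        return 0.0
    counts = {}
    for ch in value:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(secret: str, keep: int = 4) -> str:
    """Keep a short prefix so a developer can locate the value, mask the rest."""
    return secret[:keep] + "*" * max(len(secret) - keep, 0)


def scan_text(text: str, path: str = "<stdin>") -> list:
    """Return a Finding for every secret-looking value in `text`."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if IGNORE_PRAGMA in line:          # explicit, reviewable allowlist
            continue
        for rule, pattern in SIGNATURE_RULES.items():
            for m in pattern.finditer(line):
                secret = m.group(0)
                findings.append(Finding(path, lineno, rule, redact(secret),
                                        shannon_entropy(secret)))
        for m in GENERIC_ASSIGNMENT.finditer(line):
            value = m.group(1)
            ent = shannon_entropy(value)
            if ent >= ENTROPY_THRESHOLD:
                findings.append(Finding(path, lineno, "high_entropy_assignment",
                                        redact(value), ent))
    return findings


def scan_files(paths) -> list:
    findings = []
    for p in paths:
        with open(p, encoding="utf-8", errors="replace") as fh:
            findings.extend(scan_text(fh.read(), p))
    return findings


# Constructed sample: lines 2 and 3 should be reported, lines 4 and 5 should not.
# The AWS values are AWS's own documentation examples, not live credentials.
SAMPLE_SOURCE = """\
import boto3
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
aws_secret = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
db_password = "changeme"
api_key = "abcd1234efgh5678"  # secret-scan: ignore
"""


def main(argv) -> int:
    """Scan the files given on the command line, or the sample if none."""
    if len(argv) > 1:
        findings = scan_files(argv[1:])
    else:
        findings = scan_text(SAMPLE_SOURCE, "sample.py")
    for f in findings:
        print(f"{f.path}:{f.line}: {f.rule} {f.redacted} (entropy {f.entropy:.2f})")
    return 1 if findings else 0   # non-zero exit fails the pipeline stage


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with no arguments to scan the embedded sample, or pass file paths to scan a checkout; a non-zero exit is what makes it a gate rather than a report. Two choices matter in practice: the scanner redacts what it prints, because a CI log is often readable by far more people than the repository, and the entropy threshold trades recall for noise, so a low-entropy default such as `changeme` is deliberately left to a different control (a secrets manager and configuration review) rather than to this rule.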