devops@credscan $
credscan status
// posture overview · {{ publicMode ? 'paste or upload to scan' : 'scan a path to populate findings' }}
// enter a folder or file to scan for hardcoded secrets · paths are relative to {{ scanRoot || 'the server' }}
$
// tip: mount your code at /scan when running the container, then scan "."
{{ showOptions ? '▾' : '▸' }} more options · min-confidence {{ minConfidence }}{{ opts.no_context_analysis || opts.no_entropy ? ' · detectors tuned' : '' }}
// detection engines (on by default)
[{{ !opts.no_context_analysis ? '✓' : ' ' }}] context-analysis
[{{ !opts.no_entropy ? '✓' : ' ' }}] entropy
$ {{ commandPreview }}
// paste code or config, or drop files — scanned in a sandbox and discarded
{{ f.name }} ✕
clear all
// {{ uploadFiles.length || 'no' }} file(s) queued · limit {{ Math.round(maxBytes/1024/1024) }}MB · {{ maxFiles }} files · nothing stored
{{ showOptions ? '▾' : '▸' }} options · min-confidence {{ minConfidence }}
// toggle engines
[{{ !opts.no_context_analysis ? '✓' : ' ' }}] context-analysis
[{{ !opts.no_entropy ? '✓' : ' ' }}] entropy
[✕] validate-live · disabled in public mode
$ {{ commandPreview }}
severity-summary
// findings by severity · bar = share of all findings · click a card to filter
{{ c.label }}
{{ c.count }}
{{ c.pct }}% of findings
{{ c.delta }}
what-it-detects
// inputs (sidebar) ──▸ scanned for these secret classes · pattern + entropy + context
[✓] {{ c }}
devops@credscan $
credscan --scan-history | --url
// scan beyond the working tree: git history and live web endpoints
git-history
// a secret deleted from code still lives in every clone's history · removing the line is not enough, rotate the credential
Local mode only. Git-history scanning walks a repository's commits on the server's disk, which the public demo does not expose. Run credscan-gui locally to use it.
▸
--max-commits
--since
$ credscan --scan-history --max-commits {{ historyMaxCommits || 100 }}{{ historySince ? ' --since "' + historySince + '"' : '' }}
web-endpoint
// fetch a public URL and scan its body for exposed credentials
▸
// only public http/https addresses · internal/metadata IPs are blocked
devops@credscan $
{{ commandPreview }}
// streaming detector output · {{ statusWord }}
{{ progressText }}
{{ ln.text }}
incoming-findings
{{ f.severity.toUpperCase() }} {{ f.type }}
{{ shortFile(f.file) }}:{{ f.line }}
{{ f.masked }}
devops@credscan $
credscan report --last
// {{ reportSummary }}
SEVERITY
{{ filtered.length }} shown
EXPORT
| SEVERITY | TYPE · FILE:LINE · MASKED | CONF |
|---|---|---|
| {{ f.severity }} | {{ f.type }} · {{ shortFile(f.file) }}:{{ f.line }} · {{ f.masked }} {{ valLabel(f.validation) }} | {{ Math.round(f.confidence*100) }}% |
|
detector: {{ f.detector }}
validation: {{ f.validation }}
context: {{ f.context_type || '—' }}
file: {{ f.file }}:{{ f.line }}
// remediation
{{ f.remediation }}
fix: {{ f.remediation_fix }}
|
||
no findings match filter
devops@credscan $
credscan baseline list
// suppressed findings excluded from scans · {{ baseline.length }} entries
| REASON | TYPE · FILE:LINE | ACTIONS |
|---|---|---|
| {{ b.reason }} | {{ b.type }} · {{ shortFile(b.file) }}:{{ b.line }} |
baseline empty · no suppressed findings