Version: main-dev

secrets

The secrets analyzer scans container images for embedded secrets and credentials using the TruffleHog CLI.

Overview

Analyzer Name: secrets
Tool Dependency: trufflehog
Output Schema: secrets.schema.json

Functionality

This analyzer searches image layers for embedded secrets, credentials, and tokens. It reports the total number of findings (secrets_count) and how many were verified as live (verified_count).

Default Rules

The following rules are provided by default:

Slug	Title	Level
`verified-secrets`	No verified, active credentials should be embedded in the image.	`critical`
`secret-scan`	No secrets or credentials should be embedded in the image.	`warning`

Overview​

Functionality​

Default Rules​

Overview

Functionality

Default Rules