SecretLint
SecretLint is a web app (with a lightweight CLI) that detects and blocks hardcoded secrets and risky configuration before code reaches production. It scans git repos, CI logs, and build artifacts for API keys, tokens, private keys, and high-risk patterns (debug flags, permissive CORS, unsafe redirects). It then opens actionable pull request comments with exact file/line context, suggested fixes, and safe replacement patterns (environment variables, secret managers). It also provides a “blast radius” view: where a leaked secret was used, which environments it touched, and whether it appeared in past commits. SecretLint combines traditional and AI-based analysis: detection uses deterministic rules and entropy checks, while AI reduces false positives, classifies findings, and generates remediation guidance tailored to the framework in use. Realistically, success depends on being accurate and low-noise; teams will uninstall anything spammy.
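As an added example (not SecretLint's own code), here is the deterministic-rules-plus-entropy detection layer described above in Python: a small rule set for a few secret and risky-config patterns, a Shannon-entropy check for opaque tokens no rule knows, and findings that carry file/line context, a redacted value, and a fix hint. The rule set, the 4.0-bit threshold, and the sample config are constructed assumptions for illustration.

```python
import math
import re
from collections import namedtuple
# Deterministic rules (constructed for this example): rule id, pattern, remediation hint.
RULES = [
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
     "rotate the key; load it from an environment variable or secret manager"),
    ("private-key-block", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
     "remove the key from the repo; mount it at deploy time"),
    ("debug-enabled", re.compile(r"^\s*DEBUG\s*=\s*True\b"),
     "default DEBUG to False; enable it only in non-production settings"),
    ("permissive-cors", re.compile(r"Access-Control-Allow-Origin:\s*\*"),
     "replace the wildcard with an explicit allow-list of origins"),
]
TOKEN = re.compile(r"[A-Za-z0-9+/=_\-]{20,}")  # candidate strings for the entropy check
ENTROPY_THRESHOLD = 4.0  # bits per character; tune per repo to keep noise down
Finding = namedtuple("Finding", "path line rule evidence fix")  # evidence is redacted
def shannon_entropy(s: str) -> float:
    """Shannon entropy of s in bits per character (0.0 for empty input)."""
    n = len(s)
    return -sum(s.count(c) / n * math.log2(s.count(c) / n) for c in set(s)) if n else 0.0

def redact(value: str) -> str:
    """Keep a 4-character prefix for triage and mask the rest, so the report never re-leaks the secret."""
    return value[:4] + "*" * (len(value) - 4)

def scan_text(path: str, text: str) -> list:
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        hits = []  # raw values already reported by a deterministic rule on this line
        for rule_id, pattern, fix in RULES:
            for m in pattern.finditer(line):
                hits.append(m.group(0))
                findings.append(Finding(path, lineno, rule_id, redact(m.group(0)), fix))
        # The entropy check catches opaque tokens no rule knows; skip values a rule already covered.
        for tok in TOKEN.findall(line):
            if shannon_entropy(tok) >= ENTROPY_THRESHOLD and not any(tok in h for h in hits):
                findings.append(Finding(path, lineno, "high-entropy-string", redact(tok),
                                        "confirm whether this is a credential; if so, rotate it and move it to a secret store"))
    return findings

# Constructed sample config; every value in it is made up for this example.
SAMPLE = """\
AWS_ACCESS_KEY_ID = "AKIAEXAMPLEKEY000001"
SIGNING_SECRET = "q8Zr2mXv7Lk1pYt4Wn9Bc3Jd6Hs5Fg0Ra"
SESSION_COOKIE_NAME = "application_session_identifier"
DEBUG = True
CORS_HEADER = "Access-Control-Allow-Origin: *"
-----BEGIN RSA PRIVATE KEY-----
"""
```

Running `scan_text("settings.py", SAMPLE)` reports the AWS key, the opaque signing secret, the debug flag, the wildcard CORS header and the private-key header, while the long but low-entropy cookie name on line 3 stays quiet; that split is what keeps a scanner like this low-noise.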