SecretScan

SecretScan is a web app (with a lightweight GitHub/GitLab app) that continuously detects exposed secrets across code, CI logs, build artifacts, and container images—then helps you actually contain the blast radius. Unlike basic secret scanners that spam alerts, it prioritizes findings by exploitability and verifies whether a token is still valid using safe, provider-specific checks. When it finds a leak, it opens a guided incident: revoke/rotate steps, PRs that remove the secret, and a retroactive search to identify where the secret has propagated (forks, caches, old releases). It also generates “prevention rules” tailored to your stack (e.g., Terraform, Kubernetes, mobile builds) so the same mistake doesn’t repeat. Expect some false positives early; the value comes from fast triage and automated cleanup, not from perfect detection.