Static analysis secrets scanning

Secrets scanning is disabled by default. To enable secrets scanning, use the options -es, --enableSecrets or -so, --secretsOnly with appscan prepare or appscan.sh prepare.

AppScan on Cloud supports scanning of secrets for the following platforms and providers:

Provder/Platform Secret
Alibaba Cloud alibaba_cloud_access_key_id
Alibaba Cloud alibaba_cloud_access_key_secret
AWS aws_access_key_id
AWS aws_secret_access_key
AWS aws_session_token
Atlassian atlassian_api_token
Atlassian atlassian_jwt
Azure azure_cosmosdb_key_identifiable
Azure Azure CosmosDB connection string
Azure azure_devops_personal_access_token
Azure azure_sas_token
Azure azure_search_admin/query_key
Azure azure_sql_connection_string
Azure azure_storage_account_key
Azure Azure storage account connection string
DataBricks databricks_access_token
GitHub github_oauth_access_token
GitHub github_personal_access_token
GitHub github_refresh_token
Google Cloud google_api_key
Google Cloud google_cloud_private_key_id
Open AI openai_api_key
Stripe stripe_live_restricted_key
Stripe stripe_live_secret_key
Stripe stripe_test_restricted_key
Stripe stripe_test_secret_key
mongodb API authentication
mongodb Connection URL
Jenkins Jenkins password/passphrase
credit card numbers Credit card numbers
Social Security Numbers (SSN) Social Security Numbers