secretlint v3.0 support GitHub’s new authentication token detection

secretlint is a pluggable linting tool to prevent committing credential.
  • secretlint/secretlint: Pluggable linting tool to prevent committing credential.
    • secretlint is similar tools to git-secrets, but it is more flexible and support more credentials.
    secretlint v3.0 support new GitHub Token format.
  • Release v3.0.0 · secretlint/secretlint
    • Recently, GitHub introduce new authentication token format.
  • Behind GitHub's new authentication token formats | The GitHub Blog
  • Authentication token format updates are generally available | GitHub Changelog

    • The character set changed from [a-f0-9] to [A-Za-z0-9_]
    The format now includes a prefix for each token type:
    ghp_ for Personal Access Tokens
    gho_ for OAuth Access tokens
    ghu_ for GitHub App user-to-server tokens
    ghs_ for GitHub App server-to-server tokens
    ghr_ for GitHub App refresh tokens

    secretlint support them!
    Usage
    You can use secretlint as Docker Container or Node.js CLI.
    If you already have installed Docker:
    docker run -v `pwd`:`pwd` -w `pwd` --rm -it secretlint/secretlint secretlint "**/*"
    If you already have installed Node.js:
    npx @secretlint/quick-start "**/*"
    secretlint also support custom rules like ESLint.
    If you want to configure it, please see secretlint documenataion.
    You can setup pre-commit Hook per project or pre-commit Hook globally.
    This git's pre-commit prevent you to commit your credentials like GitHub Token, SSH key, AWS crendentials.
    If you want to know about secretlint, please visit secretlint/secretlint.

    33

    Tags:

    SecurityCredentialsGitLint

    This website collects cookies to deliver better user experience

    secretlint v3.0 support GitHub’s new authentication token detection