A data leak occurs when an internal source exposes information, usually by accident, such as a credential committed to a repository. A data breach is caused when an external actor breaks into the system in a cyberattack, and criminals use a variety of methods to try to break into a network. In other words, a data leak is usually an accident, while a breach is usually intentional and malicious. The tools below look for leaked secrets and security flaws in code and infrastructure definitions before they ship.
Gitleaks. Gitleaks is a SAST tool for detecting hardcoded secrets such as passwords, API keys and tokens in git repositories, including past commits.
Brakeman. Brakeman is a free vulnerability scanner specifically designed for Ruby on Rails applications. It statically analyzes Rails application code to find security issues at any stage of development.
Repo Scraper. Repo Scraper checks your projects for possible password (or other sensitive data) leaks.
Whispers. Whispers is a static code analysis tool designed for parsing various common data formats in search of hardcoded credentials and dangerous functions. Whispers can run from the CLI or be integrated into a CI/CD pipeline.
Horusec. Horusec is an open source tool that performs static code analysis to identify security flaws during the development process.
DumpsterDiver. DumpsterDiver is a tool that can analyze big volumes of data in search of hardcoded secrets such as keys (e.g. AWS access keys, Azure share keys or SSH keys) or passwords. Additionally, it allows creating simple search rules with basic conditions (e.g. report only CSV files containing at least 10 email addresses). The main idea of this tool is to detect any potential secret leaks.
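What Whispers and DumpsterDiver do under the hood is a combination of pattern matching for well-known secret formats, an entropy test for generic "name = value" assignments, and user-defined rules such as the CSV-with-many-emails example above. The following is an added example written for this page, not code from either project: it scans a constructed in-memory file tree with those three techniques. The regexes, the entropy threshold of 3.5 bits per character, the rule format and every file content are assumptions of the example; the AWS key is the placeholder from AWS documentation.

```python
# Added example (not code from Whispers or DumpsterDiver): a minimal scanner
# combining secret-format patterns, an entropy filter and a simple search rule.
# File contents, regexes, threshold and rule format are all assumptions.
from __future__ import annotations
import math
import re
from collections import Counter

# Well-known secret formats (assumed patterns, not a project's rule set).
AWS_ACCESS_KEY_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
PRIVATE_KEY_RE = re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA |)PRIVATE KEY-----")
# Generic "name = value" assignments whose name suggests a credential.
ASSIGNMENT_RE = re.compile(
    r"(?i)\b(password|passwd|secret|api[_-]?key|token)\b\s*[:=]\s*['\"]?([^\s'\"]{8,})"
)
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def shannon_entropy(value: str) -> float:
    """Bits per character; random tokens score near log2(alphabet), words score low."""
    if not value:
        return 0.0
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in Counter(value).values())


def scan_file(path: str, text: str, entropy_threshold: float = 3.5) -> list[dict]:
    """Return one finding per suspected secret in a single file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in AWS_ACCESS_KEY_RE.finditer(line):
            findings.append({"path": path, "line": lineno,
                             "kind": "aws_access_key_id", "value": m.group(0)})
        if PRIVATE_KEY_RE.search(line):
            findings.append({"path": path, "line": lineno,
                             "kind": "private_key_block", "value": line.strip()})
        for m in ASSIGNMENT_RE.finditer(line):
            value = m.group(2)
            # Placeholders like "changeme" have low entropy and are skipped,
            # the same idea as DumpsterDiver's entropy filter.
            if shannon_entropy(value) >= entropy_threshold:
                findings.append({"path": path, "line": lineno,
                                 "kind": "high_entropy_assignment", "value": value})
    return findings


def apply_rule(path: str, text: str, rule: dict) -> dict | None:
    """Search rule: flag files with rule['extension'] that contain at least
    rule['min_emails'] e-mail addresses (the CSV example from the text)."""
    if not path.endswith(rule["extension"]):
        return None
    count = len(EMAIL_RE.findall(text))
    if count >= rule["min_emails"]:
        return {"path": path, "line": 0, "kind": "rule:" + rule["name"], "value": str(count)}
    return None


def scan_files(files: dict[str, str], rules: list[dict]) -> list[dict]:
    """Scan an in-memory tree {path: content}; a real tool walks a directory or repo."""
    findings = []
    for path, text in files.items():
        findings.extend(scan_file(path, text))
        for rule in rules:
            hit = apply_rule(path, text, rule)
            if hit:
                findings.append(hit)
    return findings


# Constructed sample tree (assumed contents; the AWS key is AWS's documentation placeholder).
SAMPLE_FILES = {
    ".env": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\nREGION=eu-west-1\n",
    "config.yml": 'password: "changeme"\napi_key: "Xq7bN2vLp9Rt4wYz"\n',
    "deploy/id_rsa": "-----BEGIN RSA PRIVATE KEY-----\n(key material omitted)\n-----END RSA PRIVATE KEY-----\n",
    "customers.csv": "".join(f"user{i}@example.com,Customer {i}\n" for i in range(10)),
    "leads.csv": "a@example.com\nb@example.com\nc@example.com\n",
}
RULES = [{"name": "csv_with_many_emails", "extension": ".csv", "min_emails": 10}]

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES, RULES):
        print(f"{f['path']}:{f['line']} {f['kind']} {f['value']}")
```

Run it and four findings come out: the AWS key in .env, the high-entropy api_key in config.yml (the low-entropy "changeme" is skipped), the private key header, and customers.csv hitting the 10-email rule; leads.csv with three addresses is silent. The entropy filter is what keeps a generic assignment pattern from drowning a team in placeholder passwords, and the rule layer is where organisation-specific data formats get their own detection.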
Snyk. Snyk scans your projects for security issues, including security vulnerabilities and license issues. The following shows an example of the output of the Snyk CLI test command.
shhgit. shhgit helps secure forward-thinking development, operations, and security teams by finding secrets across their code before it leads to a security breach.
Hawkeye. The Hawkeye scanner-cli is a project security, vulnerability and general risk highlighting tool. It is meant to be integrated into your pre-commit hooks and your pipelines.
Checkov. Checkov is a static code analysis tool for infrastructure as code. It scans cloud infrastructure provisioned using Terraform, Terraform plan output, CloudFormation, AWS SAM, Kubernetes, Helm charts, Kustomize, Dockerfile, Serverless, Bicep or ARM templates and detects security and compliance misconfigurations using graph-based scanning.
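To make concrete what "detects security and compliance misconfigurations" means for a Terraform plan, here is an added example written for this page, not Checkov's own code or policies: a handful of attribute checks run over a constructed plan in the JSON shape produced by terraform show -json. The plan holds a world-readable S3 bucket next to its corrected private twin, a security group with SSH open to the internet, and an unencrypted, publicly reachable database in a child module. The check ids, predicates and plan contents are assumptions of the example; the attribute names read by the checks are the real Terraform AWS provider names.

```python
# Added example (not Checkov's code): attribute checks over Terraform plan JSON.
# Check ids (EX_*), predicates and the sample plan are assumptions of this example.
from __future__ import annotations
from typing import Callable

PUBLIC_ACLS = {"public-read", "public-read-write"}
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}


def ssh_open_to_world(values: dict) -> bool:
    """True if any ingress rule covers port 22 from an unrestricted CIDR."""
    for rule in values.get("ingress", []):
        covers_ssh = rule.get("from_port", 0) <= 22 <= rule.get("to_port", 0)
        cidrs = set(rule.get("cidr_blocks", [])) | set(rule.get("ipv6_cidr_blocks", []))
        if covers_ssh and cidrs & WORLD_CIDRS:
            return True
    return False


# (check id, resource type, predicate on planned attribute values, description)
CHECKS: list[tuple[str, str, Callable[[dict], bool], str]] = [
    ("EX_S3_1", "aws_s3_bucket",
     lambda v: v.get("acl") in PUBLIC_ACLS, "S3 bucket ACL allows public access"),
    ("EX_SG_1", "aws_security_group",
     ssh_open_to_world, "Security group allows SSH from the whole internet"),
    ("EX_RDS_1", "aws_db_instance",
     lambda v: v.get("storage_encrypted") is not True, "RDS storage is not encrypted"),
    ("EX_RDS_2", "aws_db_instance",
     lambda v: v.get("publicly_accessible") is True, "RDS instance is publicly accessible"),
]


def iter_resources(module: dict):
    """Walk a plan's root_module and every nested child module."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def scan_plan(plan: dict) -> list[dict]:
    """Return one record per (resource, check) pair that fails."""
    failures = []
    for res in iter_resources(plan["planned_values"]["root_module"]):
        for check_id, rtype, predicate, text in CHECKS:
            if res["type"] == rtype and predicate(res.get("values", {})):
                failures.append({"check": check_id, "resource": res["address"], "text": text})
    return failures


# Constructed plan in the shape of `terraform show -json`; real plans carry many
# more attributes, but the ones the checks read are the provider's real names.
SAMPLE_PLAN = {
    "format_version": "1.2",
    "planned_values": {"root_module": {
        "resources": [
            # weak setting: a world-readable bucket
            {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
             "values": {"bucket": "corp-logs", "acl": "public-read"}},
            # corrected setting: the same bucket kept private
            {"address": "aws_s3_bucket.logs_fixed", "type": "aws_s3_bucket",
             "values": {"bucket": "corp-logs-fixed", "acl": "private"}},
            {"address": "aws_security_group.bastion", "type": "aws_security_group",
             "values": {"ingress": [{"from_port": 22, "to_port": 22, "protocol": "tcp",
                                     "cidr_blocks": ["0.0.0.0/0"]}]}},
        ],
        "child_modules": [{"address": "module.db", "resources": [
            {"address": "module.db.aws_db_instance.main", "type": "aws_db_instance",
             "values": {"engine": "postgres", "storage_encrypted": False,
                        "publicly_accessible": True}},
        ]}],
    }},
}

if __name__ == "__main__":
    for f in scan_plan(SAMPLE_PLAN):
        print(f"FAILED {f['check']} {f['resource']}: {f['text']}")
```

The scan reports four failures (the public bucket, the open security group, and two on the database) and passes the corrected bucket, which is the before/after a reviewer wants to see in a pull request. Scanning plan output rather than raw HCL is worthwhile because the plan has variables, module inputs and defaults already resolved. With the real tool, the equivalent pipeline is terraform plan -out tf.plan, terraform show -json tf.plan > plan.json, then checkov -f plan.json.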