JFrog's secrets detection searches for known structures and completely random credentials (using suspicious variable matching), ensuring that our detection engines generate minimal false positives.
JFrog Security uses a constantly updated list of more than 150 specific types of credentials. In addition, JFrog Security uses a proprietary generic secrets matcher, for the best coverage possible. It also scans for issues in the certificates used in the software, such as expired or weak certificates.
  • Use of expired certificates
  • Inclusion of plaintext API keys, private keys
© 2023 JFrog Ltd All Rights Reserved