This pattern describes how to use the open-source git-secrets tool from AWS Labs to scan Git source repositories for content that might include sensitive information, such as user passwords or AWS access keys, or that matches any other prohibited pattern you configure.
git-secrets scans commits, commit messages, and merges to prevent secrets and other sensitive information from being added to your Git repositories. If a commit, commit message, or any commit in a merge history matches one of your configured prohibited regular expression patterns, the commit is rejected.
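To make the rejection mechanism concrete, the following is an added example written for this page (it is not code from the AWS pattern or from the git-secrets project): a minimal pre-commit hook in plain sh of the kind that git secrets --install drops into .git/hooks. It reads prohibited and allowed regular expressions from the secrets.patterns and secrets.allowed git config keys, which are the keys git-secrets itself stores its patterns under, scans only the lines the staged change adds, and fails the commit on a match that is not allow-listed. The access key ID regex follows the shape that git secrets --register-aws prohibits; the password regex, the file names and every file content are constructed for the demo, and the well-formed key in the second case is made up. Unlike git-secrets, this hook does not check commit messages or merge history.

```shell
#!/bin/sh
# Added example for this page (not code from the AWS pattern or the git-secrets
# project): a minimal pre-commit hook of the kind git-secrets installs, driven by
# the same git config keys git-secrets uses (secrets.patterns, secrets.allowed).

# Regex with the shape of an AWS access key ID (what `git secrets --register-aws`
# prohibits); the password regex is a hypothetical house rule for the demo.
AWS_KEY_ID_PATTERN='(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'
PASSWORD_PATTERN='password[[:space:]]*=[[:space:]]*[^[:space:]]+'
# The placeholder key used throughout AWS documentation: allow it so docs commit.
DOC_EXAMPLE_KEY='AKIAIOSFODNN7EXAMPLE'

# Write the hook into the repository's .git/hooks directory and make it executable.
install_hook() {
  cat > "$1/.git/hooks/pre-commit" <<'EOF'
#!/bin/sh
# Reject the commit when a line it adds matches a prohibited regex
# (secrets.patterns) unless that line also matches an allowed regex
# (secrets.allowed). Only the staged diff is scanned, not commit messages.
prohibited=$(mktemp); allowed=$(mktemp); added=$(mktemp)
trap 'rm -f "$prohibited" "$allowed" "$added"' EXIT
git config --get-all secrets.patterns > "$prohibited"
git config --get-all secrets.allowed > "$allowed"
# '+' lines of the staged diff minus the '+++ b/file' header, with the '+' stripped.
git diff --cached -U0 --no-color | grep '^+' | grep -v '^+++ ' | sed 's/^+//' > "$added"
# -f on an empty allow list matches nothing, so -v then passes every line through.
hits=$(grep -Evf "$allowed" "$added" | grep -Ef "$prohibited")
if [ -n "$hits" ]; then
  printf 'pre-commit: prohibited pattern found in staged changes:\n%s\n' "$hits" >&2
  printf 'For a known false positive: git config --add secrets.allowed <regex>\n' >&2
  exit 1
fi
exit 0
EOF
  chmod +x "$1/.git/hooks/pre-commit"
}

# Create a throwaway repository with the patterns configured and the hook
# installed; prints the repository path.
setup_repo() {
  sr_repo=$(mktemp -d)
  git -C "$sr_repo" init -q
  git -C "$sr_repo" config user.email demo@example.com
  git -C "$sr_repo" config user.name demo
  git -C "$sr_repo" config --add secrets.patterns "$AWS_KEY_ID_PATTERN"
  git -C "$sr_repo" config --add secrets.patterns "$PASSWORD_PATTERN"
  git -C "$sr_repo" config --add secrets.allowed "$DOC_EXAMPLE_KEY"
  install_hook "$sr_repo"
  printf '%s\n' "$sr_repo"
}

# Stage one file with the given content and try to commit it.
# Prints "blocked" if the hook rejected the commit, "committed" otherwise.
try_commit() {
  tc_repo=$1; tc_file=$2; tc_content=$3
  printf '%s\n' "$tc_content" > "$tc_repo/$tc_file"
  git -C "$tc_repo" add -- "$tc_file"
  if git -C "$tc_repo" commit -q -m "add $tc_file" >/dev/null; then
    printf 'committed\n'
  else
    # Unstage the rejected file so the next case starts from a clean index.
    git -C "$tc_repo" rm -q --cached -- "$tc_file" >/dev/null 2>&1
    printf 'blocked\n'
  fi
}

# Walk through four commits: an ordinary line, a made-up but well-formed access
# key ID, the documented example key, and a password assignment.
demo() {
  d_repo=$(setup_repo)
  printf 'clean line:     %s\n' "$(try_commit "$d_repo" settings.ini 'region = us-east-1')"
  printf 'access key id:  %s\n' "$(try_commit "$d_repo" creds.ini 'aws_access_key_id = AKIAQWERTYUIOPASDFGH')"
  printf 'doc example:    %s\n' "$(try_commit "$d_repo" README.md 'Example key: AKIAIOSFODNN7EXAMPLE')"
  printf 'password:       %s\n' "$(try_commit "$d_repo" app.conf 'db_password = hunter2')"
  rm -rf "$d_repo"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it as sh example.sh demo to see the four cases; the second and fourth are blocked, the first and third go through. With git-secrets itself the equivalent setup is git secrets --install, git secrets --register-aws, git secrets --add '<regex>' for your own rules and git secrets --add --allowed '<regex>' for known false positives; git secrets --scan-history covers commits that predate the hook, which a pre-commit hook alone never sees.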
Prerequisites
An active AWS account
A Git repository that requires a security scan
A Git client (version 2.37.1 or later) installed
Target architecture
(Architecture diagram: Git, git-secrets)