Secrets Detection

Overview

Nullify prevents credential leaks and sensitive data exposure from entering your repositories as a core part of Code Review. It identifies hardcoded credentials and sensitive data that should never be in version control, then validates whether those credentials are actually live and exploitable. This combines deterministic pattern matching with NLP-based detectors and real-world validation—catching not just secrets that look dangerous, but secrets that pose an actual risk.

Detection Highlights

• Cloud & infrastructure keys — AWS access keys, Azure storage tokens, GCP API keys, IBM COS, HashiCorp Terraform passwords, DigitalOcean and SoftLayer credentials.

• Developer tooling — GitHub personal access tokens, npm/yarn tokens, Slack webhooks, SendGrid API keys, Stripe, Square, Artifactory, Docker Hub, Compass tokens, and more.

• Authentication artefacts — OAuth client secrets, JWTs, basic-auth credentials, and session identifiers.

• Sensitive data — Email addresses, phone numbers, addresses, dates of birth, government IDs, and payment card details in English-language datasets.

Every alert includes the suspected owner, expiry guidance, and a recommended rotation workflow. Duplicate events are collapsed where rotation tables already show the value.