| ||Ask HN: How are you monitoring source code for secrets?|
14 points by dvdhnt 7 months ago | hide | past | web | favorite | 2 comments |
|I've been researching Static Code Analysis and available implementations. One feature that'd be nice is flagging of secrets, API keys, and passwords. Amazon Macie mentions this as a use case but appears only to work with data in an S3 bucket .|
After browsing available AWS products, nothing sticks out to me as an obvious solution. I saw Sonar but their TypeScript support appears to be less effective - which is expected to some degree since it's originally a Java tool .
Is there an AWS solution to this? Or do you have a recommendation?
PS - this would of course be in addition to our existing code review process.
| Apply to YC