Secret Detectors

Secret detectors are sets of rules that discover sensitive information, such as passwords, API keys, and other credentials, within container images. After discovering these secrets, you can mitigate the security risks associated with their accidental or intentional exposure within containers.

Secret detectors use regular expression patterns to identify potential secrets. These patterns may include commonly used keywords, specific formats for passwords or API keys, or other secret-related patterns. By matching these patterns against container images, configurations, or data, secret detectors flag the presence of secrets.

There are two types of Secret Detector:

  • System - You cannot create this type of Secret Detector. Currently, Qualys offers 85 System Secret Detectors. However, you can change the status and severity of these secret detectors.
  • Custom - Any Secret Detector that you create is considered a Custom Secret Detector. You can set and reset all fields of this secret detector. To learn more, refer to Working with Custom Secret Detector.
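
The pattern-matching approach described above, as an added example that is not Qualys code and does not reproduce any System detector: detectors that each carry a regular expression, a severity and a status are run over the files of a constructed image layer. The detector names, patterns and sample files are all assumptions made for illustration.

```python
import io
import re
import tarfile
from dataclasses import dataclass

@dataclass
class Detector:
    name: str
    pattern: str           # regular expression used for discovery
    severity: str
    enabled: bool = True   # detector status; disabled detectors are skipped

DETECTORS = [  # hypothetical detectors written for this example
    Detector("aws-access-key-id", r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b", "HIGH"),
    Detector("private-key-header", r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----", "CRITICAL"),
    Detector("password-assignment", r"(?i)(?:password|passwd|pwd)\s*[=:]\s*['\"]?[^\s'\"]{8,}", "MEDIUM"),
    Detector("generic-token", r"(?i)\btoken\s*[=:]\s*\S{16,}", "LOW", enabled=False),
]

SAMPLE_FILES = {  # constructed files standing in for one image layer
    "app/.env": b"DB_HOST=db.internal\nDB_PASSWORD=S3cretPassw0rd!\nAWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n",
    "root/.ssh/id_rsa": b"-----BEGIN OPENSSH PRIVATE KEY-----\n(constructed placeholder, no key material)\n",
    "app/config.py": b"token = 0123456789abcdef0123\npassword = 'short'\n",
}

def build_sample_layer(files=SAMPLE_FILES) -> bytes:
    """Pack the sample files into an in-memory tar archive, like an image layer."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def scan_layer(layer: bytes, detectors=DETECTORS):
    """Return (path, line number, detector, severity, redacted match) per finding."""
    findings = []
    active = [(d, re.compile(d.pattern)) for d in detectors if d.enabled]
    with tarfile.open(fileobj=io.BytesIO(layer)) as tar:
        for member in filter(tarfile.TarInfo.isfile, tar.getmembers()):
            text = tar.extractfile(member).read().decode("utf-8", "replace")
            for lineno, line in enumerate(text.splitlines(), 1):
                for d, rx in active:
                    if m := rx.search(line):
                        hit = m.group(0)  # report only a 4-character prefix
                        findings.append((member.name, lineno, d.name, d.severity,
                                         hit[:4] + "*" * (len(hit) - 4)))
    return findings
```

The `password = 'short'` line is not flagged because the pattern requires at least eight characters, and the token line is reported only once the `generic-token` detector is enabled.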

View Secret Detectors Available in Your Account

  1. Go to Configurations > Secret Detection.

    Here, you can view the list of detectors available in your account.

  2. Optional: Use a search query to filter the detectors as required. For more information on search tokens available for secret detectors, see Searching for Secret Detectors.
  3. To view the details of a detector, select View Details from the Quick Actions menu.

    The detector summary shows the regular expression used for discovering secrets.

 

See Also

Editing Secret Detectors

Detecting Container Secrets