🔐 Scan your code for exposed secrets before committing.
70+ detection patterns for AI keys (OpenAI, Anthropic, Gemini), cloud providers (AWS, Azure, GCP), databases, payment systems, and more.
npm install -g git0xgit0x scan . # Scan current directory
git0x init # Install pre-commit hook
git0x patterns # List all 70+ patterns- 70+ Secret Patterns — AWS, Stripe, OpenAI, Anthropic, GitHub, database URLs, private keys, etc.
- Multiple Output Formats — Human, JSON, SARIF (GitHub Code Scanning), GitHub Actions
- Severity Filtering —
--min-severity critical|high|medium|low - Baseline Support — Ignore known false positives with
.git0xbaseline - Respects .gitignore — Also supports
.git0xignore - Pre-commit Hook — Auto-scan before every commit
git0x scan . # Scan current directory
git0x scan src/ # Scan specific folder
git0x scan . --format json # JSON output for CI
git0x scan . --format sarif # SARIF for GitHub Code Scanning
git0x scan . --format github # GitHub Actions annotations
git0x scan . --min-severity high # Only high/critical
git0x scan . --ci # Exit code 1 if secrets foundgit0x init # Install hook, auto-blocks commits with secretsgit0x baseline # Create .git0xbaseline from current findings- name: Scan for secrets
run: npx git0x scan . --format github --cisecrets:
script: npx git0x scan . --format json --ci| Category | Examples |
|---|---|
| AI Services | OpenAI, Anthropic, Gemini, HuggingFace, Cohere, Replicate |
| Cloud | AWS, Azure, GCP, Vercel, Cloudflare, DigitalOcean |
| Payment | Stripe, Plaid |
| Code Hosting | GitHub, GitLab, NPM, PyPI |
| Databases | MongoDB, PostgreSQL, MySQL, Redis |
| Observability | Datadog, Sentry, New Relic, Grafana |
| Communication | Slack, Discord |
| Security | Private Keys (RSA, SSH), JWT, Basic Auth |
.gitignore— Respected automatically.git0xignore— Additional patterns to ignore.git0xbaseline— Finding hashes to allow
MIT