
@SecureLayer
Last active November 23, 2024 04:58
Secrets Scanning Checklist

Scans Both Application Code and Infrastructure as Code Files

• Scans for secrets in both IaC and application code 
• Augments secrets scanning with the context of an IaC file around the secret

Use Developer-Friendly Integrations

• Natively integrates into existing developer tools, such as VCS and IDEs 
• Integrates with DevOps workflows such as CI/CD pipelines 
• Surfaces both the exposed secret and the context around that secret to streamline risk prioritization and remediation 
• Blocks secrets from being pushed to a repository before a pull request is opened via a pre-commit hook and surfaces exposed secrets as part of a pull request scan

Have a Multidimensional Approach to Secrets Scanning

• Leverages regular expression, keyword and entropy-based scanning 
• Employs domain-specific secret detectors 
• Built on top of a large signature-based policy library 
• Continuously scans for exposed credentials across the development lifecycle, from build-time to runtime 
• Scans all source code files and version histories to identify secrets buried deep within your codebase

Fine-Tuned High-Entropy Pattern Recognition

• Includes both signature-based and entropy-based secrets scanning 
• Entropy model accounts for the string’s context to identify complex secret types and reduce the false positive rate
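The two sections above describe combining regex signatures, keyword matching and context-aware entropy, and the Developer-Friendly Integrations section describes blocking secrets at commit time. As an added illustration written for this page (not code from the gist or from any product), the Python scanner below implements all three detector families, uses the surrounding line as context to decide whether a high-entropy token is worth reporting, and applies the result to the added lines of a unified diff the way a pre-commit hook would. The signature patterns are an illustrative subset, the 3.5 bits-per-character threshold and 20-character minimum are arbitrary choices, and `SAMPLE_DIFF` is constructed for the example.

```python
"""Minimal multi-method secrets scanner (added example, not from the gist).

Combines signature, keyword and context-aware entropy detectors, then applies
them to the added lines of a unified diff as a pre-commit hook would.
Signature patterns are an illustrative subset, thresholds are arbitrary
choices, and SAMPLE_DIFF is constructed for this example.
"""
import math
import re
import sys
from dataclasses import dataclass

# 1. Signature-based detectors: provider-specific token shapes (illustrative subset).
SIGNATURES = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# 2. Keyword detector: a credential-like name assigned a literal of 8+ characters.
KEYWORD_ASSIGN = re.compile(
    r"(?i)(password|passwd|secret|api[_-]?key|token|access[_-]?key(?:[_-]?id)?)"
    r"\s*[:=]\s*[\"']?([^\s\"']{8,})"
)

# Values that sit in a credential slot but are clearly not a real secret.
PLACEHOLDER = re.compile(r"(?i)^(changeme|placeholder|x{3,}|<[^>]+>|\$\{[^}]+\})$")

# 3. Entropy detector: candidate tokens plus the context words that make them suspicious.
CANDIDATE = re.compile(r"[A-Za-z0-9+/=_\-]{20,}")
CREDENTIAL_CONTEXT = re.compile(r"(?i)(key|secret|token|password|auth|credential)")
ENTROPY_THRESHOLD = 3.5  # bits per character; arbitrary choice for this example


def shannon_entropy(s: str) -> float:
    """Shannon entropy of s in bits per character (0.0 for an empty string)."""
    if not s:
        return 0.0
    n = len(s)
    counts: dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


@dataclass(frozen=True)
class Finding:
    line_no: int    # line number in the new version of the file (0 when unknown)
    detector: str
    value: str


def scan_line(line: str, line_no: int = 0) -> list[Finding]:
    """Run every detector over one line and return what they found."""
    findings: list[Finding] = []
    for name, pattern in SIGNATURES.items():
        for m in pattern.finditer(line):
            findings.append(Finding(line_no, name, m.group(0)))
    m = KEYWORD_ASSIGN.search(line)
    if m and not PLACEHOLDER.match(m.group(2)):
        findings.append(Finding(line_no, "keyword:" + m.group(1).lower(), m.group(2)))
    # Context-aware entropy: a high-entropy token is only reported when the line
    # itself talks about a credential. This is what keeps hashes, image digests
    # and lockfile integrity strings out of the results.
    if CREDENTIAL_CONTEXT.search(line):
        for m in CANDIDATE.finditer(line):
            token = m.group(0)
            already = any(f.value == token for f in findings)
            if not already and shannon_entropy(token) >= ENTROPY_THRESHOLD:
                findings.append(Finding(line_no, "entropy", token))
    return findings


def scan_added_lines(unified_diff: str) -> list[Finding]:
    """Scan only the lines a change adds, tracking new-file line numbers from hunk headers.
    Feeding it `git diff --cached` output is what a pre-commit hook would do."""
    findings: list[Finding] = []
    line_no = 0
    for raw in unified_diff.splitlines():
        if raw.startswith(("diff --git", "index ", "--- ", "+++ ", "\\")):
            continue                      # file headers and "No newline" markers
        if raw.startswith("@@"):          # @@ -old,len +new,len @@
            m = re.match(r"@@ -\d+(?:,\d+)? \+(\d+)", raw)
            line_no = int(m.group(1)) - 1 if m else 0
            continue
        if raw.startswith("-"):
            continue                      # removed lines never enter the repository
        line_no += 1                      # context and added lines both advance the counter
        if raw.startswith("+"):
            findings.extend(scan_line(raw[1:], line_no))
    return findings


def should_block(unified_diff: str) -> bool:
    """True when the change carries at least one finding, i.e. the hook should fail."""
    return bool(scan_added_lines(unified_diff))


# Constructed sample diff: one keyword hit, one signature hit, one benign high-entropy line.
SAMPLE_DIFF = """\
diff --git a/config/settings.yaml b/config/settings.yaml
--- a/config/settings.yaml
+++ b/config/settings.yaml
@@ -1,3 +1,5 @@
 database:
   host: db.internal
-  password: changeme
+  password: hunter2hunter2
+aws_access_key_id: AKIAIOSFODNN7EXAMPLE
+integrity: sha512-abcdefghijklmnopqrstuvwxyz012345
"""


def main() -> int:
    """Pre-commit entry point: `git diff --cached | python secrets_scan.py`.
    Without piped input it scans SAMPLE_DIFF so the example runs stand-alone."""
    diff = SAMPLE_DIFF if sys.stdin.isatty() else sys.stdin.read()
    findings = scan_added_lines(diff)
    for f in findings:
        # Print only a prefix of the value so the hook's own output does not leak the secret.
        print(f"line {f.line_no}: {f.detector} -> {f.value[:4]}...", file=sys.stderr)
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main())
```

Running the module on the sample reports the YAML password and the AWS key shape on lines 3 and 4 and stays silent on the `integrity:` line, even though that line carries a higher-entropy string than either secret: the entropy detector only fires where the line's own wording suggests a credential, which is the "context" the checklist asks the entropy model to account for. Removed lines are skipped entirely, so the hook only judges what would actually land in the repository.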

Use a Complete Code Security Solution

• Constitutes one component of a single code security solution that consolidates tool sprawl and minimizes coverage gaps 
• Continuously scans for exposed secrets, misconfigurations in IaC files and vulnerabilities in open source code and container images 
• Gives complete visibility into all security issues and dependencies via a Supply Chain Graph 
• Monitors and prevents misconfigurations and vulnerabilities throughout the development lifecycle to give you code-to-cloud coverage

Define Runtime Connection with Cloud Infrastructure Entitlement Management Solutions

• Aligns secrets scanning feedback with CIEM functionality such as visibility, tracking and right-sizing 
• Gives context into which secrets are being used by which identities 
• Reduces unused and risky permissions