Secrets Report Import

Hard-coded credentials and tokens detected by secret-scanning tools.

How to import a report

  1. Download and configure the CLI Scanner. See these guidelines.

  2. Use the xygeni report-upload command:

    xygeni report-upload -n=<Name> --report="path/to/report_file" -f=<format> [--branch="branch"]

    If --branch is omitted, the report is recorded under the branch "Unknown". Pass the branch explicitly so the findings land on the branch you expect to see in the dashboard.

  3. Move to the Xygeni dashboard to see the results.

Supported formats

Format               Tool         Description
secrets-sarif        <any>        Secrets detected by a secrets tool, in SARIF format
secrets-gitleaks     GitLeaks     Secrets detected by GitLeaks, in JSON format
secrets-trufflehog   TruffleHog   Secrets detected by TruffleHog, in JSON-lines format
secrets-wiz-cli      Wiz CLI      Wiz CLI scan report (secrets), in JSON format
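The procedure above is a three-step wrapper around one CLI call, and the two places it goes wrong in practice are passing the wrong -f value for the report and forgetting --branch. The script below is an added example, not Xygeni's own code: it sniffs a report body to pick the matching format name from the table, derives the branch from git when the caller has none, and refuses to build a report-upload command without a branch. The format heuristics rely on field names as the tools themselves emit them (SARIF "runs"/"version", Gitleaks "RuleID", TruffleHog "DetectorName"); this page does not document those fields, so treat them as assumptions and adjust for your tool versions. Wiz CLI output is not sniffed and must be passed as -f=secrets-wiz-cli explicitly. The sample reports are constructed inline for the demonstration.

```python
"""Pick the right -f value for a secrets report and build the upload command.

Added example, not Xygeni's own code.  Field names used for detection are
assumptions about the tools' output formats, not something this page states.
"""
import json
import shlex
import subprocess
from typing import List, Optional

# The -f values accepted by `xygeni report-upload` for secrets reports.
SUPPORTED_FORMATS = ("secrets-sarif", "secrets-gitleaks",
                     "secrets-trufflehog", "secrets-wiz-cli")


def detect_format_from_text(text: str) -> Optional[str]:
    """Return the -f value matching a report body, or None if unrecognised.

    Wiz CLI reports are not sniffed; pass secrets-wiz-cli explicitly.
    An empty Gitleaks report ("[]") is also reported as None, because
    nothing in it identifies the tool.
    """
    stripped = text.strip()
    if not stripped:
        return None
    # TruffleHog (assumed) emits JSON-lines: one finding object per line,
    # each carrying a DetectorName.  Check this shape before whole-document JSON.
    lines = [ln for ln in stripped.splitlines() if ln.strip()]
    try:
        objs = [json.loads(ln) for ln in lines]
    except json.JSONDecodeError:
        objs = None
    if objs and all(isinstance(o, dict) and "DetectorName" in o for o in objs):
        return "secrets-trufflehog"
    try:
        doc = json.loads(stripped)
    except json.JSONDecodeError:
        return None
    # SARIF: top-level object with a "runs" array and a version or schema.
    if isinstance(doc, dict) and "runs" in doc and ("version" in doc or "$schema" in doc):
        return "secrets-sarif"
    # Gitleaks (assumed): a JSON array of findings, each with a RuleID.
    if isinstance(doc, list) and doc and all(isinstance(f, dict) and "RuleID" in f for f in doc):
        return "secrets-gitleaks"
    return None


def detect_format(report_path: str) -> Optional[str]:
    """File-based wrapper around detect_format_from_text."""
    with open(report_path, encoding="utf-8") as fh:
        return detect_format_from_text(fh.read())


def current_git_branch(repo_dir: str = ".") -> Optional[str]:
    """Branch name of the checkout, or None when not in a repo or detached."""
    try:
        out = subprocess.run(["git", "-C", repo_dir, "rev-parse", "--abbrev-ref", "HEAD"],
                             capture_output=True, text=True, check=True).stdout.strip()
    except (OSError, subprocess.CalledProcessError):
        return None
    return None if out in ("", "HEAD") else out


def build_upload_command(name: str, report_path: str, fmt: str, branch: str) -> List[str]:
    """argv for `xygeni report-upload`.

    Refuses to proceed without a real branch so the findings are never
    recorded under "Unknown" and then "missing" from the project view.
    """
    if fmt not in SUPPORTED_FORMATS:
        raise ValueError(f"unsupported format {fmt!r}; expected one of {SUPPORTED_FORMATS}")
    if not branch or branch.strip().lower() == "unknown":
        raise ValueError("branch is required: without --branch the report is filed under Unknown")
    return ["xygeni", "report-upload", f"-n={name}", f"--report={report_path}",
            f"-f={fmt}", f"--branch={branch}"]


# Constructed sample reports (not real tool output) used for the demo below.
SAMPLE_GITLEAKS = json.dumps([
    {"RuleID": "generic-api-key", "File": "config.py", "StartLine": 12, "Secret": "REDACTED"},
], indent=2)
SAMPLE_TRUFFLEHOG = "\n".join(json.dumps(o) for o in [
    {"DetectorName": "AWS", "Verified": False, "Redacted": "AKIAXXXXXXXXXXXX"},
    {"DetectorName": "Slack", "Verified": True, "Redacted": "xoxb-XXXX"},
])
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{"tool": {"driver": {"name": "some-secrets-tool"}}, "results": []}],
}, indent=2)

if __name__ == "__main__":
    branch = current_git_branch() or "main"   # fallback only for the demo
    for label, body in (("gitleaks", SAMPLE_GITLEAKS),
                        ("trufflehog", SAMPLE_TRUFFLEHOG),
                        ("sarif", SAMPLE_SARIF)):
        fmt = detect_format_from_text(body)
        argv = build_upload_command("my-project", f"{label}-report.json", fmt, branch)
        print(shlex.join(argv))
```

Run it from inside a clone and the printed commands carry the checkout's branch; run `detect_format` on a real report before uploading to catch a mismatch between the file and the -f value you were about to pass.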

Pull mode

None of the secret-scanning tools listed above expose a findings API that the scanner can pull from, so every format in the table is imported by converting the tool's own report and uploading it with report-upload. See Pull-mode fetch for the list of tools that do support pull mode.

Dashboard results

If the entered name matches an existing project, the secrets in the report will be added to that project in a new tab. If the project does not exist, a new project will be created.

If you import a report into an existing project and the secrets do not appear, check which branch the project is showing. If --branch was not set when running the command, the findings were recorded under the branch "Unknown" rather than under the branch you are looking at; re-run the upload with --branch set.
