Xygeni User Guides

Secrets Security

Last updated 7 months ago

Block Secrets Leakage at All Stages of Development

Robust defense against secret leakage within the software development lifecycle. Xygeni's advanced solution scans for, detects, and blocks the publication of sensitive information such as passwords, API keys, and tokens in real time.

Xygeni Secrets Security acts as your reliable protector, designed to prevent the leakage of critical secrets like passwords, API keys, and tokens. As cyber threats constantly evolve, it’s vital to have a solution that not only detects but actively prevents leakages before they lead to a breach. Xygeni enables your teams to work with confidence, ensuring that your development secrets are kept secure. Adopt Xygeni’s proactive approach and transform your security strategy into a strong asset that builds trust and supports business continuity.

Comprehensive Secret Detection

Xygeni Secrets Security uses sophisticated scanning algorithms to meticulously identify over 100 types of secrets with unparalleled accuracy. Our integration with Git hooks allows for seamless detection and immediate remediation, embedding essential security practices directly into your developers' workflows.

Real-Time Protection and Instant Feedback

By integrating with development processes via Git hooks, Xygeni Secrets Security offers an immediate line of defense. If secrets are detected before committing to repositories, the process is halted, and developers are guided to secure the exposed data. This proactive approach prevents secrets from entering version history, which can be challenging to fully remove.

Intelligent Validation and Alert Management

Our intelligent validation process effectively differentiates real threats from false positives, reducing ‘alert fatigue.’ This precision ensures that developers receive notifications only for genuine vulnerabilities, promoting a culture of swift and accurate security responses.

Tailored Secret Detection

Central to Xygeni’s strategy is the ability for customers to customize secret detectors, allowing the definition of specific secret patterns and their locations. This tailored approach ensures that the detection of secret leakage is perfectly aligned with your unique business requirements.
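As an added illustration of how the three ideas above fit together in a pre-commit check, the following Python script is example code written for this page; it is not Xygeni's scanner or hook implementation. It scans the content that is about to be committed and returns a non-zero exit code so the hook can block the commit, validates each match against placeholder markers and an entropy threshold so documentation samples and test fixtures do not raise alerts, and lets a team add a tailored detector limited to specific file locations. The AWS access key ID, GitHub classic token and PEM private-key header patterns are public formats; the `acme_` internal token detector, its path globs, the placeholder marker list, the 3.5-bit entropy threshold and every staged file below are assumptions constructed for the example.

```python
"""Pre-commit style secret check: added example, not Xygeni's scanner or hook code.

It ties together three points from the text: scanning content before it is
committed (and blocking the commit), validating matches so developers are not
flooded with placeholders and test data, and adding tailored detectors that
apply only to chosen file locations. Detector set, thresholds and staged
files are all constructed for the example.
"""
import fnmatch
import math
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Detector:
    """One secret pattern; `paths` are fnmatch globs restricting where it applies."""
    name: str
    pattern: re.Pattern
    min_entropy: float = 0.0   # 0 disables the entropy check
    paths: tuple = ("*",)      # default: every staged file


@dataclass(frozen=True)
class Finding:
    detector: str
    path: str
    line_no: int
    redacted: str              # only a redacted form leaves the scanner


def shannon_entropy(value: str) -> float:
    """Bits per character: random-looking tokens score high, 'aaaa...' scores near 0."""
    if not value:
        return 0.0
    counts = {}
    for ch in value:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


# Public, well-known formats: AWS access key IDs, GitHub classic PATs, PEM key headers.
BUILTIN_DETECTORS = (
    Detector("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    Detector("github-pat", re.compile(r"\bghp_[A-Za-z0-9]{36}\b"), min_entropy=3.5),
    Detector("private-key-block", re.compile(r"-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----")),
)

# Assumed tailored detector for a hypothetical in-house token, limited to code and env files.
CUSTOM_DETECTORS = BUILTIN_DETECTORS + (
    Detector("acme-internal-token", re.compile(r"\bacme_[a-f0-9]{32}\b"),
             paths=("src/*", ".env", "*.env")),
)

# Substrings that mark documentation samples rather than live credentials (assumed list).
PLACEHOLDER_MARKERS = ("example", "changeme", "your_", "xxxx", "<", "${")


def redact(value: str) -> str:
    return value[:4] + "..." + value[-2:] if len(value) > 8 else "***"


def is_false_positive(det: Detector, value: str) -> bool:
    """Validation step: drop placeholders and low-entropy fakes before alerting."""
    low = value.lower()
    if any(marker in low for marker in PLACEHOLDER_MARKERS):
        return True
    return det.min_entropy > 0 and shannon_entropy(value) < det.min_entropy


def scan_file(path: str, text: str, detectors=BUILTIN_DETECTORS, allowlist=()) -> list:
    """Run every applicable detector over one file's content, line by line."""
    if any(fnmatch.fnmatch(path, glob) for glob in allowlist):
        return []                      # e.g. docs the team has reviewed and accepted
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for det in detectors:
            if not any(fnmatch.fnmatch(path, glob) for glob in det.paths):
                continue
            for match in det.pattern.finditer(line):
                if not is_false_positive(det, match.group(0)):
                    findings.append(Finding(det.name, path, line_no, redact(match.group(0))))
    return findings


def precommit_check(staged: dict, detectors=BUILTIN_DETECTORS, allowlist=()):
    """Return (exit_code, findings); a non-zero code makes the Git hook abort the commit."""
    findings = []
    for path, text in staged.items():
        findings.extend(scan_file(path, text, detectors, allowlist))
    return (1 if findings else 0), findings


# Constructed staged content: none of these values is a real credential.
STAGED = {
    "src/app/settings.py": 'AWS_KEY = "AKIAQ7Z3M2P8K1L5N9X4"\n'
                           'INTERNAL = "acme_0123456789abcdef0123456789abcdef"\n',
    "docs/setup.md": "Use AKIAIOSFODNN7EXAMPLE as the sample key.\n",   # doc placeholder
    "tests/fixtures.txt": "token = ghp_" + "a" * 36 + "\n",              # low-entropy fake
    ".env": "GH_TOKEN=ghp_A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6Q7r8\n",
    "deploy/server.key": "-----BEGIN RSA PRIVATE KEY-----\n(constructed body omitted)\n",
}

if __name__ == "__main__":
    code, found = precommit_check(STAGED, CUSTOM_DETECTORS, allowlist=("docs/*",))
    for f in found:
        print(f"{f.path}:{f.line_no}: {f.detector} -> {f.redacted}")
    print("commit blocked" if code else "commit allowed")
    raise SystemExit(code)
```

Run against the constructed staging area, the check reports four findings (the AWS key and the internal token in `src/app/settings.py`, the GitHub token in `.env`, and the private-key header) and exits with code 1; the documented AWS example and the all-`a` GitHub token are filtered as placeholders and low-entropy fakes, and `docs/*` is skipped through the allowlist. Findings carry only a redacted value, so the hook's own output never becomes a second copy of the secret.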

Empower Developers with Actionable Insights

Xygeni's non-intrusive tools enhance the developer experience by providing actionable insights through an intuitive Web UI. Developers receive immediate guidance on handling and remediating identified secrets, fostering a secure development culture and enabling real-time learning and adoption of best practices.

Unmatched Efficiency and Cost Effectiveness

Xygeni's systematic risk assessment and prioritization of key vulnerabilities allow teams to focus only on the most critical secrets, reducing unnecessary remediation efforts. Early detection accelerates remediation, reducing time and costs and preventing the expensive impact of security breaches in production.

Comprehensive Protection Across Platforms

API Tokens and Keys

  • Detection of diverse API tokens and keys, including Amazon MWS Tokens, Alibaba Cloud Keys, Artifactory API Keys, and Azure Personal Access Tokens.

  • Coverage extends to service specific tokens such as GitHub tokens, GitLab Personal Access Tokens, and Google API Keys.

OAuth and OAuth2 Access Tokens

  • Comprehensive scanning for OAuth tokens and other access tokens such as Facebook App Keys, Google OAuth2 Keys, and Slack Access Tokens.

  • Specialized detectors for platform-specific OAuth implementations like Atlassian OAuth2 Client Secrets and Bitbucket OAuth Access Tokens.

Cloud Provider Credentials

  • Detectors for credentials specific to major cloud providers like AWS, Azure, and Google Cloud, including Google Cloud Service Account Keys and Azure Storage Access Keys.

  • Includes detection for less common providers like IBM Cloud and Tencent Cloud.

Cryptographic Keys

  • Identification of cryptographic private keys, including general cryptographic keys and specific formats like PuTTY private keys (the Cryptographic Private Key Putty detector).

Database and Data Storage Credentials

  • Scanning for credentials across various database systems such as MySQL, PostgreSQL, and Redis.

  • Detection of other data storage related secrets like RabbitMQ Passwords and LDAP Credentials.

Miscellaneous Credentials

  • Broad coverage for other types of secrets, such as SSH Passwords, SMTP assignments, and credentials embedded in configuration files like Maven pom.xml or .htpasswd.

See Secrets Security Web UI and Secrets Scanner for further information.