Policies to detect secret leaks

Learn about the out-of-the-box finding policies and templates for secret leak detection.

Endor Labs comes with the following predefined, out-of-the-box finding policies for detecting secrets. These policies are enabled by default. You can edit these policies to suit your needs. See Configuring policies for details on policies.

  • Valid Secrets - Use this template to scan the code for active secrets. A secret is valid when it meets the criteria required to be accepted as legitimate in its context. For example, a GitHub personal access token belonging to an employee that has not yet expired and can still be used to access the organization's codebase. The findings raised for this policy are Critical.
  • Invalid Secrets - Use this template to scan the code for any secrets that are either invalid or cannot be validated.
  • Secrets without validation rules - Use this template to detect secrets that cannot be validated, either because no validator exists for them or because validation failed for any reason.
  • Define custom secret token policy rules - Use this template to detect secrets in the code using a custom secret rule, so you can catch secrets of any service that is not covered by the out-of-the-box rules.
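The three outcome classes above (valid, invalid, no validation rule or validation failed) map naturally onto a small scanner. The following is an added illustration, not Endor Labs code and not its policy engine: it pairs regex detection rules with an optional validator callback and sorts each hit into one of the three policy buckets. The rule names, the `EXSVC-`/`FLK-` token formats, the `ghp_` pattern used as a stand-in for a GitHub personal access token, and the simulated validators are all assumptions constructed for this example; a real validator would call the issuing service instead of consulting an in-memory set.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Policy buckets, named after the page's out-of-the-box finding policies.
VALID = "Valid Secrets"                              # validator confirmed the credential is live
INVALID = "Invalid Secrets"                          # validator ran and rejected the credential
NO_VALIDATION = "Secrets without validation rules"   # no validator, or validation itself failed


@dataclass
class SecretRule:
    name: str
    pattern: "re.Pattern[str]"
    validator: Optional[Callable[[str], bool]] = None  # None means no validation rule exists


@dataclass
class Finding:
    rule: str
    line_no: int
    policy: str


# --- constructed sample data; every value below is a placeholder, not a real credential ---
ACTIVE_PAT = "ghp_" + "A" * 36    # simulated still-active token
REVOKED_PAT = "ghp_" + "B" * 36   # simulated revoked/expired token
SIMULATED_ACTIVE_TOKENS = {ACTIVE_PAT}   # stand-in for an API call to the issuing service

SAMPLE_SOURCE = (
    "# constructed sample file\n"
    f'GITHUB_TOKEN = "{ACTIVE_PAT}"\n'
    f'OLD_TOKEN = "{REVOKED_PAT}"\n'
    'EXSVC_KEY = "EXSVC-0123456789abcdef"\n'   # hypothetical service with no validator
    'FLAKY_KEY = "FLK-12345678"\n'             # hypothetical service whose validator errors out
)


def _unreachable_validator(token: str) -> bool:
    # Simulates a validation endpoint that is down, so validation fails.
    raise ConnectionError("validation endpoint unreachable (simulated)")


RULES: List[SecretRule] = [
    SecretRule("github-pat", re.compile(r"ghp_[A-Za-z0-9]{36}"),
               validator=lambda t: t in SIMULATED_ACTIVE_TOKENS),
    SecretRule("exsvc-key", re.compile(r"EXSVC-[0-9a-f]{16}")),          # custom rule, no validator
    SecretRule("flaky-key", re.compile(r"FLK-[0-9]{8}"), _unreachable_validator),
]


def classify(rule: SecretRule, token: str) -> str:
    """Decide which policy bucket a matched token falls into."""
    if rule.validator is None:
        return NO_VALIDATION
    try:
        return VALID if rule.validator(token) else INVALID
    except Exception:
        # Validation failed for any reason: treat as not validated, never as valid.
        return NO_VALIDATION


def scan(source: str, rules: List[SecretRule]) -> List[Finding]:
    """Run every rule over every line and classify each match."""
    findings: List[Finding] = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for rule in rules:
            for match in rule.pattern.finditer(line):
                findings.append(Finding(rule.name, line_no, classify(rule, match.group(0))))
    return findings


def critical_findings(findings: List[Finding]) -> List[Finding]:
    """Only the Valid Secrets policy is documented as raising Critical findings."""
    return [f for f in findings if f.policy == VALID]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts = {VALID: 0, INVALID: 0, NO_VALIDATION: 0}
    for f in findings:
        counts[f.policy] += 1
    return counts


if __name__ == "__main__":
    for f in scan(SAMPLE_SOURCE, RULES):
        print(f"line {f.line_no}: {f.rule} -> {f.policy}")
```

Note that a validator error is deliberately folded into the "without validation rules" bucket rather than into "valid": a secret whose liveness could not be checked still needs triage, but it must never be silently promoted to Critical on the strength of a failed call.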