Datadog Secret Scanning scans code to find exposed secrets. Datadog also attempts to validate secrets and surface their status (valid, invalid) to help you prioritize secrets remediation.

Set up Secret Scanning

Scans can run in your CI/CD pipelines or directly in Datadog with hosted scanning (GitHub-only). To get started, go to the Code Security Setup and click Activate scanning for your repositories or learn how to set up Secret Scanning using GitHub actions or with other CI providers.

Secret Scanning rules

Datadog Secret Scanning is powered by Sensitive Data Scanner (SDS) and includes all of the rules in the Secrets and credentials category of SDS.

Further Reading

Additional helpful documentation, links, and articles:

Detect and block exposed credentials with Datadog Secret ScanningBLOG