Secrets Scanner

Pre-commit hook that scans modified files for accidentally leaked secrets and blocks the commit.

4.9(142 reviews)

52,100 installs

by GitHub

About

Runs before any tool call that would commit code, scans the diff or staged files for 20+ secret patterns (AWS, GitHub, Stripe, JWT, private keys), and blocks the action if a likely secret is found. Supports warn-only mode and an allowlist for false positives.

Hook Configuration (hooks.json)

{
  "hooks": [
    {
      "event": "preToolUse",
      "matcher": "Bash(git commit*)",
      "command": ".github/hooks/secrets-scanner/scan-secrets.sh",
      "env": {
        "SCAN_MODE": "block",
        "SCAN_SCOPE": "staged",
        "SECRETS_LOG_DIR": "logs/copilot/secrets"
      }
    }
  ]
}

Triggers:preToolUsemode: block

Related Hooks

Hook

compliance

FREE

Dependency License Checker

Block dependency installs that introduce GPL, AGPL, or other restrictive licenses incompatible with your policy.

licensescompliancedependencies

Community

4.6(41)

18k

★980

Install

# Install hook into your project:
mkdir -p .github/hooks/secrets-scanner
curl -fsSL "https://raw.githubusercontent.com/github/awesome-copilot/main/hooks/secrets-scanner/hooks.json" \
  -o .github/hooks/secrets-scanner/hooks.json

View source on GitHub →

GitHub

@github

View on GitHub

Secrets Scanner

About

Tags

Hook Configuration (hooks.json)

Related Hooks

Dependency License Checker