Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.51.0 to 0.52.0. - [Commits](https://github.com/golang/crypto/compare/v0.51.0...v0.52.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-version: 0.52.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> |
||
|---|---|---|
| .. | ||
| cmd/portia | ||
| internal | ||
| learn | ||
| pkg/types | ||
| testdata/fixtures | ||
| .gitignore | ||
| .golangci.yml | ||
| .portia.toml.example | ||
| Justfile | ||
| LICENSE | ||
| README.md | ||
| go.mod | ||
| go.sum | ||
| install.sh | ||
README.md
██████╗ ██████╗ ██████╗ ████████╗██╗ █████╗
██╔══██╗██╔═══██╗██╔══██╗╚══██╔══╝██║██╔══██╗
██████╔╝██║ ██║██████╔╝ ██║ ██║███████║
██╔═══╝ ██║ ██║██╔══██╗ ██║ ██║██╔══██║
██║ ╚██████╔╝██║ ██║ ██║ ██║██║ ██║
╚═╝ ╚═════╝ ╚═╝ ╚═╝ ╚═╝ ╚═╝╚═╝ ╚═╝
Secrets scanner for codebases and git repositories, written in Go.
This is a quick overview. Security theory, architecture, and full walkthroughs are in the learn modules.
What It Does
- 150 detection rules covering AWS, GitHub, GitLab, GCP, Azure, Slack, Stripe, Twilio, SendGrid, SSH/PGP keys, passwords, connection strings, JWTs, and 100+ more
- Shannon entropy analysis for detecting high-randomness strings
- HIBP breach verification via k-anonymity protocol (your secrets never leave your machine)
- Directory scanning and full git history scanning (branches, depth, date ranges)
- Output as colored terminal tables, JSON, or SARIF v2.1.0
- 5-layer false positive defense: keyword pre-filter, structural validation, stopwords, allowlists, entropy
- Concurrent pipeline with bounded worker pools
- TOML configuration via
.portia.tomlorpyproject.toml
Install
curl -fsSL https://raw.githubusercontent.com/CarterPerez-dev/portia/main/install.sh | bash
Or with Go:
go install github.com/CarterPerez-dev/portia/cmd/portia@latest
Quick Start
portia scan .
[!TIP] This project uses
justas a command runner. Typejustto see all available commands.Install:
curl -sSf https://just.systems/install.sh | bash -s -- --to ~/.local/bin
Commands
| Command | Description |
|---|---|
portia scan [path] |
Scan a directory for secrets |
portia git [repo] |
Scan git history for secrets |
portia init |
Initialize .portia.toml configuration |
portia pyproject |
Create pyproject.toml with [tool.portia] config |
portia config rules |
List all 150 detection rules |
portia config show |
Show active configuration |
Flags: --format (terminal/json/sarif), --verbose, --no-color, --exclude, --max-size, --hibp, --config
Git flags: --branch, --since, --depth, --staged
Learn
This project includes step-by-step learning materials covering security theory, architecture, and implementation.
| Module | Topic |
|---|---|
| 00 - Overview | Prerequisites and quick start |
| 01 - Concepts | Secret sprawl, entropy, and breach databases |
| 02 - Architecture | System design and data flow |
| 03 - Implementation | Code walkthrough |
| 04 - Challenges | Extension ideas and exercises |
License
AGPL 3.0