🎯 Patterns
Built-in patterns for detecting secrets and credentials
Guardy detects 100+ types of secrets including:
API Keys & Tokens
| Pattern | Examples | Confidence |
|---|---|---|
| AWS Access Key | `AKIA[0-9A-Z]{16}` | 0.95 |
| GitHub Token | `ghp_[a-zA-Z0-9]{36}` | 0.99 |
| Stripe Key | `sk_live_[0-9a-zA-Z]{24}` | 0.95 |
| SendGrid Key | `SG\.[a-zA-Z0-9]{22}\.[a-zA-Z0-9]{43}` | 0.98 |
| Slack Token | `xox[baprs]-[0-9]{10,13}-[a-zA-Z0-9]+` | 0.95 |
| NPM Token | `npm_[a-zA-Z0-9]{36}` | 0.95 |
Cloud Providers
| Provider | Pattern Types | Examples |
|---|---|---|
| AWS | Access keys, Secret keys, MWS keys | `AKIA*`, `aws_secret_access_key` |
| Google | API keys, OAuth tokens, Service accounts | `AIza*`, private keys |
| Azure | Connection strings, Keys, Passwords | `DefaultEndpointsProtocol=` |
| Heroku | API keys | `[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}` |
Authentication
| Type | Pattern | Risk Level |
|---|---|---|
| JWT Token | `eyJ[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_]*` | High |
| Basic Auth | `://[^:]+:[^@]+@` | High |
| Private Key | `-----BEGIN (RSA\|EC\|OPENSSH) PRIVATE KEY-----` | Critical |
| Password in URL | `password=\S+` | High |
Database & Infrastructure
- PostgreSQL/MySQL connection strings
- MongoDB connection strings
- Redis URLs
- Docker registry credentials
- SSH private keys
Custom Patterns
Define your own patterns:
```yaml
scanner:
  patterns:
    - name: "Company API Key"
      regex: 'COMP_API_[A-Z0-9]{32}'
      confidence: 0.9
      severity: high
    - name: "Internal Token"
      regex: 'internal_token_[a-f0-9]{40}'
      confidence: 0.85
      severity: medium
```
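
Before committing a custom pattern, it is worth running its regex against lines that must and must not match. The Python harness below is an added example, not Guardy's own code: it reuses the two regexes from the configuration above, all sample lines are constructed, and the function names, the redaction and the confidence threshold are assumptions of this example.

```python
import re

# The two custom patterns from the YAML above, as plain dicts.
PATTERNS = [
    {"name": "Company API Key", "regex": r"COMP_API_[A-Z0-9]{32}",
     "confidence": 0.9, "severity": "high"},
    {"name": "Internal Token", "regex": r"internal_token_[a-f0-9]{40}",
     "confidence": 0.85, "severity": "medium"},
]

# Constructed samples: (line, names of the patterns expected to fire).
CASES = [
    ('key = "COMP_API_' + "A1B2C3D4" * 4 + '"', {"Company API Key"}),
    ("TOKEN=internal_token_" + "0123456789abcdef" * 2 + "01234567", {"Internal Token"}),
    ("COMP_API_" + "a1b2c3d4" * 4, set()),   # lowercase body: no match
    ("internal_token_" + "ab" * 19, set()),  # 38 hex chars: too short
    ("COMP_API_<your key here>", set()),     # documentation placeholder
    # Unanchored regex: a 40-char body still matches on its first 32 chars.
    ("COMP_API_" + "Z9" * 20, {"Company API Key"}),
]


def redact(secret, keep=4):
    """Keep a short prefix so a finding can be triaged without leaking the value."""
    return secret[:keep] + "*" * (len(secret) - keep)


def scan(text, patterns=PATTERNS, min_confidence=0.0):
    """Return (line_no, name, severity, redacted_match) for every hit."""
    # Threshold filtering is an assumption of this example, not Guardy behaviour.
    compiled = [(p, re.compile(p["regex"])) for p in patterns
                if p["confidence"] >= min_confidence]
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for p, rx in compiled:
            for m in rx.finditer(line):
                findings.append((line_no, p["name"], p["severity"], redact(m.group())))
    return findings


def failed_cases(cases=CASES, patterns=PATTERNS):
    """Return (line, expected, fired) for samples whose hits differ from expectation."""
    results = [(line, expected, {f[1] for f in scan(line, patterns)})
               for line, expected in cases]
    return [r for r in results if r[1] != r[2]]

if __name__ == "__main__":
    print("failed cases:", failed_cases())
    for finding in scan("\n".join(line for line, _ in CASES)):
        print(finding)
```

The last sample shows that neither custom regex is anchored, so a longer value is reported by its first matching characters; add boundaries to the regex if that is not the intended behaviour.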