Detect Secrets, created by Yelp Engineering, is a Python-based secret scanner designed for large, complex codebases. It uses a plugin architecture to detect high-risk secrets such as API keys, tokens, passwords, and certificates. The tool focuses on false-positive reduction by hashing baseline fingerprints, allowing teams to track only new or changed exposures over time. It integrates with CI pipelines, pre-commit hooks, and enterprise security workflows. Its extensible design and strong baseline mechanism make it popular in large engineering organizations that need scalable, low-noise secret detection.

DevSecOps in Practice