scan-for-secrets 0.2

2026-04-05 · Source: Simon Willison's Weblog · Field: Technology & Digital — Software Development & Engineering, Cybersecurity & Data Privacy · Depth: Intermediate, quick

Summary

The `scan-for-secrets` CLI tool has been updated to version 0.2, introducing several enhancements for scanning files and directories for sensitive information. Key improvements include streaming results as they are found, which significantly benefits performance when scanning large directories. Users can now specify multiple directories using the `-d/--directory` option and target individual files with the new `-f/--file` option. Additionally, the release provides new Python API functions, `scan_directory_iter()`, `scan_file()`, and `scan_file_iter()`, for programmatic integration. A verbose option, `-v/--verbose`, has also been added to display directories as they are scanned.

Key takeaway

For DevOps engineers or security teams preparing to share codebases, `scan-for-secrets` 0.2 offers improved efficiency and flexibility. You should integrate this updated tool into your pre-commit hooks or CI/CD pipelines to ensure no sensitive data is inadvertently exposed, leveraging the new streaming and multi-directory scan capabilities for faster analysis of large projects.

Key insights

Version 0.2 of `scan-for-secrets` enhances secret detection with streaming results and flexible scanning options.

Principles

• Stream results for large datasets
• Offer flexible input methods

Method

The tool scans specified files or directories, now streaming results incrementally, and offers a verbose mode to track scanning progress.

In practice

• Scan multiple directories simultaneously
• Integrate via new Python API functions

Topics

• scan-for-secrets
• Secret Scanning
• CLI Tool
• Python API
• Directory Scanning

Code references

• simonw/scan-for-secrets

Best for: Software Engineer, Security Engineer, DevOps Engineer

Related on AIssential

• scan-for-secrets 0.3 — The `scan-for-secrets` tool now offers both CLI and programmatic secret redaction capabilities.
• scan-for-secrets 0.1 — The `scan-for-secrets` tool prevents accidental secret exposure by scanning files for literal and encoded keys.
• GitHub Expands Secret Scanning with General Availability of MCP Server Integration — GitHub's MCP Server integration extends secret scanning to AI-driven workflows, enabling automated credential detection and remediation.
• aquasecurity / trivy — Trivy is a comprehensive security scanner for diverse targets and issue types.
• LinkedIn Leverages GitHub Actions, CodeQL, and Semgrep for Code Scanning — LinkedIn modernized its SAST pipeline using GitHub Actions, CodeQL, and Semgrep for consistent, scalable, and developer-friendly code security.
• LiteLLM Supply Chain Attack: What Happened, Who’s Affected, and What You Should Do Right Now — A litellm supply chain attack compromised PyPI, exfiltrating credentials via malicious package versions.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Simon Willison's Weblog.