Detect-secrets
detect-secrets is an open-source secrets detection tool developed by Yelp. It prevents API keys, passwords, tokens, and other credentials from being committed to source code repositories by scanning code with heuristic regex patterns and Shannon entropy analysis, identifying potential secrets before they enter version control. The tool runs as a pre-commit hook and integrates into CI/CD pipelines. Its baseline mechanism acknowledges existing secrets while preventing new ones from being added, and its auditing system lets developers review and label findings, which keeps the signal-to-noise ratio high and minimizes false positives.
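The two detection methods and the baseline filter described above, as an added Python example (not detect-secrets' own code). The regex patterns, the 4.0 bits-per-character threshold, the sample file and the SHA-256 fingerprint format are assumptions chosen for illustration.

```python
import hashlib
import math
import re

# Assumed values for this example, not the tool's own patterns or limits.
AWS_KEY_RE = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
QUOTED_RE = re.compile(r"""["']([A-Za-z0-9+/=_\-]{20,})["']""")
ENTROPY_LIMIT = 4.0  # bits per character

# Constructed sample file; line 1 uses AWS's documentation placeholder key ID.
SAMPLE = '''aws_key = "AKIAIOSFODNN7EXAMPLE"
token = "k9Xq2LmZ7pRt4VbN8sWc3YhJ6dFg"
filler = "aaaaaaaaaaaaaaaaaaaaaaaaaaaa"
'''


def shannon_entropy(s):
    """Bits per character: H = -sum(p * log2(p)) over character frequencies."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def fingerprint(path, secret):
    """The example baseline holds a hash of each finding, never the secret."""
    return hashlib.sha256(f"{path}:{secret}".encode()).hexdigest()


def scan(path, text):
    """Return (line_no, detector, fingerprint) for every suspected secret."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in AWS_KEY_RE.finditer(line):
            findings.append((no, "regex:aws-key-id", fingerprint(path, m.group())))
        for m in QUOTED_RE.finditer(line):
            cand = m.group(1)
            # Skip strings the regex detector already reported; flag the rest
            # only when their character distribution looks random.
            if not AWS_KEY_RE.fullmatch(cand) and shannon_entropy(cand) > ENTROPY_LIMIT:
                findings.append((no, "entropy", fingerprint(path, cand)))
    return findings


def new_findings(findings, baseline):
    """Findings already acknowledged in the baseline do not block a commit."""
    return [f for f in findings if f[2] not in baseline]
```

The repeated-character string on line 3 of the sample has zero entropy and is ignored, which shows how the threshold separates random-looking tokens from ordinary long strings.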