Whispers

Whispers is an open-source static analysis tool developed by Skyscanner that parses structured text files including JSON, YAML, XML, and configuration files to detect hardcoded credentials such as passwords, API keys, AWS secrets, private keys, and authentication tokens by extracting and analyzing key-value pairs through pattern matching and validation checks. The tool integrates seamlessly into CI/CD pipelines through CLI interfaces and provides customizable detection rules with configurable severity levels to enable developers and security teams to identify and remediate exposed secrets in static structured text formats throughout the software development lifecycle.