Question 1

How to integrate Credential Digger into my CI/CD pipeline?

Accepted Answer

You can use the pre-commit hook for local checks or integrate with Jenkins via Piper, as documented in the README's CI/CD Pipeline Integration section. This automates scans in your workflow.

Question 2

Credential Digger vs GitLeaks: which is better?

Accepted Answer

Credential Digger uses machine learning models to reduce false positives, while GitLeaks relies more on regex patterns. Credential Digger offers a Docker UI and VS Code extension, but has platform limitations compared to GitLeaks' broader OS support.

Question 3

How to add custom scanning rules to Credential Digger?

Accepted Answer

Create a YAML file following the template provided in the rules.yml, then use the CLI command 'credentialdigger add_rules' or the Python library's add_rules_from_file method to load them before scanning.

Question 4

Does Credential Digger work with private GitLab repositories?

Accepted Answer

Yes, it supports scanning private GitLab repos as part of its multi-platform scanning features, along with GitHub and local sources, as stated in the README.

Question 5

What machine learning models does Credential Digger use?

Accepted Answer

It uses models like PathModel and PasswordModel to filter discoveries. You can enable them during scans via CLI flags or Python library arguments to improve accuracy.

Question 6

How to update Credential Digger to a new version?

Accepted Answer

Refer to the wiki for specific update steps, as mentioned in the README, because updates may require manual procedures like database migrations or dependency changes.

Credential Digger

What is Credential Digger?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions