Repo Secret Scanner — Architecture & Design
Overview The Repo Secret Scanner at cybergrind.org/tools/repo-scanner/ scans public GitHub repositories for exposed credentials — AWS keys, GitHub tokens, Slack tokens, Stripe keys, private keys, and more — without ever cloning the repository. It runs entirely on a Cloudflare Worker, reads files directly via the GitHub API, and returns a severity-scored dashboard of findings with matched secrets redacted before they ever leave the scanner. ...