March 16, 2026
·
8 min read
·
Go
DevSecOps
Security
Open Source
369 Rules, Zero Trust: CredVigil, an Open-Source Credential Scanner in Go
I saw it constantly — API keys in JMeter scripts, database strings hardcoded in test configs, tokens in CI/CD pipelines. Every time: rotate, and "we should really scan for this." So I built the thing: a secrets scanner with triple-signal detection and a zero-trust post-processing pipeline that never stores raw credentials.
Read post →