Sensitive Data and Secrets Coverage

Plerion Workload Scanner will report on exposed secrets, such as API keys and passwords, from plain text file types found on the workload.

The current supported sensitive data types are:

VendorType(s)
AdobeClient ID, Client Secret
AgeSecret Key
AlibabaAccessKey ID, Secret Key
AsanaClient ID, Asana Client Secret
AsymmetricPrivateKeyprivate-key
AtlassianAPI Token
AWSSecret Access Key
BeamerAPI Token
BitbucketClient ID, Client secret
ClojarsAPI Token
ContentfulDeliveryAPI Token
DatabricksAPI Token
DiscordClient ID, Client Secret, API Key
DockerDocker config secret
DopplerAPI Token
DropboxAPI Key, API Secret, Short-lived API token, Long-lived API token
DuffelAPI Token
DynatraceAPI Token
EasypostAPI Token
FacebookAPI Token
FastlyAPI Token
FinicityAPI Token, Client Secret
FlutterwavePublic Key, Secret Key, Encrypted Key
FrameioAPI Token
GitHubPAT, OAuth Access Token, App Token, Refresh Token, Fine-grained PAT
GitLabPersonal Access Token
GoCardlessAPI Token
GoogleGoogle (GCP) Service-account
GrafanaAPI Token
HashiCorpAPI Token
HerokuAPI Key
HubSpotAPI Token
IntercomClient ID, Client Secret
IonicAPI Token
JWTJWT Token
LinearAPI Token, Client Secret, Client ID
LinkedInClient ID, Client Secret
LobAPI Key, Publishable API Key
MailchimpAPI Key
MailgunWebhook Signing Key, Private API Token
MapboxAPI Token
MessageBirdClient ID, API Token
NewRelicUser API Key, User API ID, Ingest Browser API Token
npmAccess Token
PlanetscaleAPI Token, Password
PostmanAPI Token
PulumiAPI Token
PyPIUpload Token
RubyGemsAPI Token
SendGridAPI Token
SendinblueAPI Token
ShippoAPI Token
ShopifyAPI Token
SlackAccess Token
StripeSecret Key, Publishable Key
TwilioAPI Key
TwitchAPI Token
TwitterAPI Token
TypeformAPI Token
VulnerabilitiesSBOM