A Breakthrough in Secret Scanning Technology

CatchIT, an open-source secret scanner developed by Goldman Sachs' Technology Risk Advisory team, recently made its public debut through its contribution to FINOS (Fintech Open Source Foundation). The tool is a notable step forward in secret scanning for one specific setting: DevSecOps pipelines, where a scanner has to be not just fast but fast enough to run on every commit and every push without developers noticing it.

AquilaX Adopts CatchIT's Model: Enhancing Secret Scanner Efficiency

Recognizing the value of CatchIT's approach, AquilaX set out to reproduce its efficiency in its own Secret Scanner. The work relied on grep driven by regex lists collected from several repositories, including CatchIT's own pattern set.

Technical Analysis: CatchIT vs. TruffleHog and Semgrep

Comparative testing against other well-known secret-scanning tools such as truffleHog and Semgrep shows a large reduction in scan time, from an average of 3-10 seconds down to roughly 0.4 seconds. The gain comes from delegating matching to grep calls: each file is streamed through grep's regex engine and only matching lines come back, instead of the scanner reading every file into its own runtime and matching pattern by pattern there.

Engineering Integration: Optimizing Speed without Compromise

This approach demands more deliberate engineering integration, because the scanner is orchestrating an external tool: the pattern list has to be maintained as grep-compatible regexes, grep's exit status (0 for a match, 1 for none, 2 for an error) has to be mapped onto a pass/fail decision, and grep's output has to be turned into findings. The trade-off is that a pure grep pass finds only what the regex list describes; anything a regex cannot express, such as entropy-based detection or verifying a credential against its provider, has to happen elsewhere. In return, the speed gains keep disruption to DevOps workflows minimal.

Seamless Integration: CatchIT as a Pre-receive or Pre-commit Hook

CatchIT's scan time also makes it practical as a pre-receive or pre-commit hook. A scan of well under a second can run on every commit and every push with negligible effect on overall processing time, so a leaked key is stopped before it enters shared history, where it would have to be treated as compromised and rotated.
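As an added illustration of the two points above (grep-driven matching and hook integration), the shell script below is example code written for this page; it is not CatchIT's source or AquilaX's scanner. The pattern list, the sample files it scans, and all function names are constructed for the example. The AWS and GitHub token formats are the publicly documented ones, and the sample AWS values are the placeholder credentials from AWS's own documentation. The two hook functions assume they run inside a git repository and are not exercised by the stand-alone run.

```sh
#!/bin/sh
# Example code added for this article, not CatchIT's own source: a minimal
# grep-driven secret scanner in the style the text describes.  Patterns live
# in a plain file, one extended regex per line, and grep -E streams each file
# against all of them at once; the scanner never parses file contents itself.
# Pattern list, sample files and function names are constructed for this example.

# Write the pattern list.  No blank or comment lines: grep -f treats every
# line as a pattern, and an empty pattern matches everything.
write_patterns() {
  cat > "$1" <<'EOF'
AKIA[0-9A-Z]{16}
-----BEGIN (RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----
ghp_[A-Za-z0-9]{36}
[Ss][Ee][Cc][Rr][Ee][Tt]_?[Kk][Ee][Yy][[:space:]]*[:=][[:space:]]*['"][A-Za-z0-9/+_=-]{16,}['"]
EOF
}

# Build a small sample tree: four secret-bearing lines in three files, plus a
# clean docs/ directory.  The AWS values are the placeholders from AWS's own
# documentation; the GitHub-style token and the key body are made up.
make_samples() {
  mkdir -p "$1/src" "$1/docs"
  printf '%s\n' 'aws_access_key_id: AKIAIOSFODNN7EXAMPLE' \
                'aws_secret_key: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"' \
                'region: us-east-1' > "$1/config.yml"
  printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'KEYBODYOMITTED' \
                '-----END RSA PRIVATE KEY-----' > "$1/deploy.pem"
  printf '%s\n' 'token = "ghp_0123456789abcdefghijklmnopqrstuvwxyz"' > "$1/src/ci.env"
  printf '%s\n' 'Set credentials in the environment; never commit an access key.' \
                > "$1/docs/README.md"
}

# Core scan: $1 = pattern file, remaining args = paths.  Prints file:line:text
# for each hit.  Returns 0 when clean, 1 when something matched (so a hook can
# block on it) and 2 when grep itself failed, so an unreadable path or a bad
# pattern fails closed instead of passing silently.
scan_secrets() {
  sc_patterns=$1; shift
  sc_status=0
  grep -rEnI --exclude-dir=.git -f "$sc_patterns" -- "$@" || sc_status=$?
  case $sc_status in
    0) return 1 ;;
    1) return 0 ;;
    *) return 2 ;;
  esac
}

# Number of matching lines, as a plain integer.
count_findings() {
  scan_secrets "$@" | wc -l | tr -d ' '
}

# Pre-commit hook body (install as .git/hooks/pre-commit; git runs it from the
# repository root).  Searching the index with --cached checks the tree exactly
# as it will be committed, so a secret that is staged but already deleted from
# the working tree is still caught.  Scanning the whole index rather than only
# changed files keeps the logic trivial and, at grep speed, costs little.
pre_commit_scan() {
  pc_status=0
  git grep --cached -nEI -f "$1" -- . || pc_status=$?
  case $pc_status in
    0) echo 'pre-commit: possible secret is staged; commit blocked' >&2; return 1 ;;
    1) return 0 ;;
    *) return 2 ;;
  esac
}

# Pre-receive hook body: git feeds "oldrev newrev refname" lines on stdin.
# Only lines added by the push are examined ('+' diff lines minus the '+++'
# file header), so existing history is not re-scanned on every push.
pre_receive_scan() {
  pr_patterns=$1
  pr_zero=$(printf '%040d' 0)
  pr_empty_tree=$(git hash-object -t tree /dev/null)
  pr_rc=0
  while read -r pr_old pr_new pr_ref; do
    [ "$pr_new" = "$pr_zero" ] && continue               # branch deletion: nothing to scan
    [ "$pr_old" = "$pr_zero" ] && pr_old=$pr_empty_tree  # new branch: diff against empty tree
    if git diff "$pr_old" "$pr_new" | grep '^+' | grep -v '^+++' | grep -E -f "$pr_patterns"; then
      echo "pre-receive: possible secret in $pr_ref; push rejected" >&2
      pr_rc=1
    fi
  done
  return $pr_rc
}

# Stand-alone demo over the constructed sample tree (the hook functions need a
# git repository and are not exercised here).
demo_dir=$(mktemp -d)
write_patterns "$demo_dir/patterns.txt"
make_samples "$demo_dir/repo"
scan_secrets "$demo_dir/patterns.txt" "$demo_dir/repo" \
  || echo "scan blocked: $(count_findings "$demo_dir/patterns.txt" "$demo_dir/repo") matching lines"
rm -rf "$demo_dir"
```

Running the file with sh prints the matching lines from the sample tree and a one-line summary. To use the pre-commit check, copy the script into .git/hooks/pre-commit and end it with a call such as pre_commit_scan /path/to/patterns.txt; on the server side, a pre-receive hook can call pre_receive_scan the same way, since git supplies the ref updates on its stdin. The exit-status mapping in scan_secrets is the part worth copying: treating grep's error status as a failure rather than a clean result is what stops a mistyped pattern file from silently disabling the check.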

In conclusion, the approach embodied by CatchIT has gained recognition and adoption in the cybersecurity community, and AquilaX is one example: it has taken CatchIT's core principle, fast grep-driven matching against a maintained regex list, and built it into its own Secret Scanner. Through this kind of collaboration, secret scanning in DevSecOps keeps improving, giving teams stronger security checks without slowing development.

References
GitHub: CatchIT
Goldman Sachs Developer Portal
Fintech Open Source Foundation (FINOS)
2024 © AquilaX Ltd