Google Veles is a New Open-source Secret Scanner Powering GCP
Briefly

"Google Veles is a newly released open-source secret scanner, launched as part of Google's broader OSV-SCALIBR (Software Composition Analysis LIBRary) ecosystem. Veles integrates seamlessly with other OSV-SCALIBR tools and also powers secret scanning in Google Cloud, while remaining available as a standalone module. Veles is designed to detect unintended exposure of sensitive credentials across your organization's internal systems. It helps you find secrets where they don't belong, so you can prevent them from being abused."
"Google will use Veles as the secret scanner for Google Cloud products, including Artifact Registry and Security Command Center (SCC). By integrating Veles into SCC, Google aims to support both shift-left and shift-right security approaches, which means scanning for secrets not only at the infrastructure level but also across Compute Engine and GKE. Google also says their open source security team is using Veles to scan hundreds of millions of open-source artifacts."
Veles is an open-source secret scanner integrated with the OSV-SCALIBR ecosystem and available as a standalone module. Veles detects unintended exposure of sensitive credentials across an organization's internal systems and helps locate secrets to prevent abuse. Veles will serve as the secret scanner for Google Cloud products such as Artifact Registry and Security Command Center, enabling both shift-left and shift-right scanning across infrastructure, Compute Engine, and GKE. Google’s open source security team uses Veles to scan hundreds of millions of open-source artifacts. Built packages, Docker images, registries, and distribution channels can all leak credentials. Veles is implemented as a Go library, so developers can integrate its API directly.
Read at InfoQ