Security-audit SaaS for indie teams
Env Secrets Scanner
one-click leak detection for your Git history
Connect a GitHub repository, scan every commit for exposed API keys and service credentials, and keep a live watchdog on every new push.
$19/repo/month or $99/org/month.
Why founders use it
- Get actionable findings instead of raw, noisy CLI output.
- Monitor fresh commits continuously through GitHub webhooks.
- Track remediation progress so leaks are closed, not forgotten.
The problem
- Secrets leak into commits during quick fixes, local testing, and rushed deploys.
- CLI scanners produce long reports with duplicates and no prioritization.
- Most teams never watch new commits after an initial audit.
The solution
- One-click repository onboarding with GitHub OAuth.
- Full-history scanning for AWS keys, Stripe secrets, OpenAI keys, PATs, and more.
- Push webhook watchdog catches leaks in new commits within minutes.
- Every finding includes severity, file path, commit URL, and remediation guidance.
Straightforward pricing
Pay per repository or move to an org plan when you manage multiple codebases.
Solo Repo
Perfect for indie projects that need continuous secret leak monitoring.
$19/repo/mo
- Unlimited full-history scans
- Push webhook watchdog
- Inline remediation guidance
- Exportable findings timeline
Org Shield (Best for teams)
For founders managing multiple repos and collaborators under one dashboard.
$99/org/mo
- Up to 10 active repositories
- Team-wide webhook monitoring
- Priority scan queue
- Subscription webhook sync
FAQ
How is this different from running TruffleHog locally?
TruffleHog is powerful but noisy and manual. Env Secrets Scanner adds persistent scans, cleaner triage, webhook-triggered checks on every push, and remediation status tracking in one dashboard.
Do you scan the entire commit history?
Yes. Initial scans walk commit history on your default branch, inspect added lines in each diff, and store fingerprinted findings to prevent duplicate noise.
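The history walk described in this answer, as an added example that is not the product's own code: it pulls added lines out of unified diffs, matches a few illustrative key patterns, and fingerprints each secret so a key re-added in a later commit is reported once rather than as duplicate noise. The rules, the sample commits and the key values are constructed for the example.

```python
import hashlib
import re

# Illustrative rules; the regexes approximate common key formats and are not the product's rule set.
RULES = {
    "aws_access_key_id": (re.compile(r"AKIA[0-9A-Z]{16}"), "high"),
    "stripe_live_secret": (re.compile(r"sk_live_[0-9A-Za-z]{24,}"), "critical"),
    "github_pat": (re.compile(r"ghp_[0-9A-Za-z]{36}"), "high"),
}

def added_lines(diff_text):
    """Yield (path, new_line_no, text) for every '+' line in a unified diff, skipping headers."""
    path, line_no = None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:]
            path = path[2:] if path.startswith("b/") else path
        elif raw.startswith("@@"):
            # '@@ -a,b +c,d @@': the new-file side starts at line c
            line_no = int(re.search(r"\+(\d+)", raw).group(1)) - 1
        elif raw.startswith("+"):
            line_no += 1
            yield path, line_no, raw[1:]
        elif not raw.startswith("-"):
            line_no += 1  # context line advances the new-file counter

def fingerprint(rule, secret):
    # Same secret under the same rule gives the same fingerprint, whatever the commit or path.
    return hashlib.sha256(f"{rule}:{secret}".encode()).hexdigest()[:16]

def scan_history(commits):
    """Walk commits oldest-first and report each distinct leaked secret once, at its first appearance."""
    seen, findings = set(), []
    for commit in commits:
        for path, line_no, text in added_lines(commit["diff"]):
            for rule, (pattern, severity) in RULES.items():
                for match in pattern.finditer(text):
                    fp = fingerprint(rule, match.group(0))
                    if fp in seen:
                        continue  # already recorded from an earlier commit
                    seen.add(fp)
                    findings.append({"rule": rule, "severity": severity, "path": path,
                                     "line": line_no, "commit": commit["sha"], "fingerprint": fp})
    return findings

# Constructed history: the AWS documentation example key appears in two commits, plus one fake Stripe key.
SAMPLE_COMMITS = [
    {"sha": "a1b2c3d", "diff": "--- a/.env\n+++ b/.env\n@@ -0,0 +1,2 @@\n+AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n+DEBUG=true\n"},
    {"sha": "e4f5a6b", "diff": "--- a/config.py\n+++ b/config.py\n@@ -1,1 +1,3 @@\n import os\n+AWS_KEY = 'AKIAIOSFODNN7EXAMPLE'\n+STRIPE = 'sk_live_" + "x" * 24 + "'\n"},
]
```

Running `scan_history(SAMPLE_COMMITS)` yields two findings, not three: the AWS key in the second commit shares a fingerprint with the first and is suppressed.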
Will this block my repository or commit flow?
No. Scanning is read-only. We subscribe to push webhooks and process scans asynchronously so your normal Git workflow stays unchanged.
Can I verify whether a leaked credential is still live?
Yes. The scanner supports optional external verifier APIs so you can enrich findings with likely-live versus likely-invalid status when your security process needs it.