Linux command
noseyparker command
Files
After copying, replace file names, directories, or parameters as needed.
Common examples
Scan a local directory
noseyparker scan --datastore [db.np] [path/to/directory]
Scan a Git repository
noseyparker scan --datastore [db.np] --git-url [https://github.com/user/repo]
Report findings
noseyparker report --datastore [db.np]
Report in JSON format
noseyparker report --datastore [db.np] --format json
Scan with specific rules
noseyparker scan --datastore [db.np] --rules [path/to/rules.yml] [path/to/directory]
List available built-in rules
noseyparker rules list
Summarize datastore contents
noseyparker summarize --datastore [db.np]
Description
Nosey Parker is a command-line tool for detecting secrets and sensitive information in textual data and Git repositories. It scans source code, configuration files, and commit history to find accidentally committed credentials, API keys, private keys, and other sensitive data.
The tool uses a datastore model where scan results are persisted to a local database, allowing incremental scanning and deduplication of findings. Multiple scans can feed into the same datastore, and reports can be generated at any time from the accumulated data.
Nosey Parker includes over 150 built-in detection rules covering common secret patterns like AWS keys, GitHub tokens, private SSH keys, database connection strings, and more. Custom rules can be defined in YAML format for organization-specific patterns.
The scanner is written in Rust for high performance and can process large codebases quickly. It performs content-aware scanning that understands Git history, examining all commits and branches rather than just the current state.
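
A custom rules file for an organization-specific token, as an added example that is not part of the original page or the Nosey Parker project. The rule name, the `np.example.1` id, the `acme_` token format, and the file name `acme-rules.yml` are hypothetical; the sample tokens are constructed.

```yaml
# acme-rules.yml (hypothetical file name)
# Usage, following the "Scan with specific rules" example on this page:
#   noseyparker scan --datastore db.np --rules acme-rules.yml path/to/directory
rules:

- name: ACME Internal API Token      # hypothetical rule name
  id: np.example.1                   # hypothetical id; must not collide with a built-in rule id
  # The pattern needs at least one capture group; the group delimits the
  # secret itself, so keep surrounding context (variable names, quotes)
  # outside the parentheses.
  pattern: '\b(acme_(?:live|test)_[A-Za-z0-9]{32})\b'

  # Constructed inputs the pattern is expected to match.
  examples:
  - 'ACME_TOKEN=acme_live_0123456789abcdefghijklmnopqrstuv'
  - 'token: "acme_test_0123456789abcdefghijklmnopqrstuv"'

  # Constructed inputs the pattern must NOT match: a truncated token and
  # an unknown environment segment. These guard against an over-broad
  # regex that would flood the datastore with false positives.
  negative_examples:
  - 'acme_live_tooshort'
  - 'acme_prod_0123456789abcdefghijklmnopqrstuv'
```

Anchoring the pattern on a fixed prefix and an exact length keeps the rule specific; a loose pattern such as a bare 32-character alphanumeric run would match hashes and identifiers throughout a codebase.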
Parameters
- scan: Scan inputs for secrets and store findings in a datastore.
- report: Report findings from a datastore.
- summarize: Summarize datastore contents without detailed findings.
- rules: Manage and inspect detection rules.
- github: Interact with GitHub for scanning repositories.
- --datastore _PATH_: Path to the datastore (required for scan/report/summarize).
- --git-url _URL_: Clone and scan a Git repository from URL.
- --format _FORMAT_: Output format for report (human, json, jsonl, sarif).
- --rules _PATH_: Path to custom rules file (YAML format).
- --max-file-size _BYTES_: Skip files larger than specified size.
- --jobs _N_: Number of parallel scanning jobs.
- --ignore _PATTERN_: Glob patterns for paths to ignore.
- --blob-metadata: Include blob metadata in findings.
- -h, --help: Display help information.
- -V, --version: Display version information.
FAQ
What is the noseyparker command used for?
Nosey Parker is a command-line tool for detecting secrets and sensitive information in textual data and Git repositories. It scans source code, configuration files, and commit history to find accidentally committed credentials, API keys, private keys, and other sensitive data.
How do I run a basic noseyparker example?
Run `noseyparker scan --datastore [db.np] [path/to/directory]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does scan do in noseyparker?
Scan inputs for secrets and store findings in a datastore.