Hey all, I created Gistsecrets.io and use it pretty regularly to alert people when they've checked in plaintext passwords on Gists.
All the app does is scrape the public Gists feed every few seconds and looks for the word "secret" or "password". It has a lot of false positives but I've found a few legit usernames/passwords checked in. It's a fun thing to browse at work when I have downtime.
If you don't know what a Gist is, you can read more about them here [1], they're essentially mini-git repos to quickly share code.
I'd love any feedback.
[1]: https://docs.github.com/en/github/writing-on-github/creating...
Would something like https://github.com/Yelp/detect-secrets be interesting to include? Either as a filtering step to weed out false positives or to find even more secrets (i.e. that aren't near "password" or "secret")