This is a supporting repository for OWASP WrongSecrets. Here we create the binaries that are included in the official project. Want to add a challenge related to hiding secrets in a binary? Open a ticket at WrongSecrets issues. Want to fix something you found in one of the binaries? Open a ticket or a PR here.
This repository uses pre-commit lite with automated code formatting to maintain code quality with minimal friction. The lightweight configuration automatically fixes formatting issues for Rust and Go code. See docs/PRE_COMMIT.md for setup instructions.
This repository includes comprehensive security scanning using GitHub's free tools:
- Languages Covered: C, C++, Go, C#/.NET, Swift
- Triggers: Push to main/master, pull requests, manual dispatch, weekly schedule
- Integration: Results automatically uploaded to GitHub Security tab
- Languages Covered: All languages (C, C++, Go, Rust, C#/.NET, Swift)
- Rulesets:
  - OWASP Top 10 security issues
  - CWE Top 25 vulnerabilities
  - Secrets detection
  - General security audit rules
- Integration: SARIF results uploaded to GitHub Security tab
Security scan results are available in the repository's Security tab under Code scanning alerts. The scans run automatically on code changes and weekly on Sundays at 3 AM UTC.
Leaders:
Top contributors:
- Puneeth Y @puneeth072003
- Rodolfo Cabral Neves @roddas
- Diamond Rivero @diamant3
- Joss Sparkes @remakingeden
We would like to thank the following parties for helping us out:
GitGuardian for their sponsorship, which allows us to pay the bills for our cloud accounts.
JetBrains for licensing an instance of IntelliJ IDEA Ultimate edition to the project leads. We could not have been this fast with the development without it!
Docker for granting us their Docker Open Source Sponsored program.
1Password for granting us an open source license to 1Password for the secret detection testbed.
Copyright (c) 2020-2025 Jeroen Willemsen and WrongSecret contributors.