How it works
Ghost analyzes repository contents to detect secret candidates including API keys, tokens, passwords, private keys, and other credentials. Each candidate is evaluated and surfaced as a finding.
Running a scan
From the repos list, open the action menu on any repository and select “Scan for Secrets”. The job runs at the repository level (not project-scoped). You can track progress in the Jobs view.
Results
After the scan completes, you’ll see a summary of:

| Metric | Description |
|---|---|
| Secret candidates detected | Potential secrets identified in the codebase |
| Findings created/closed/reopened | Changes to your findings based on scan results |

secrets agent filter. See findings for more on how to triage and manage them.
Findings
Secret findings appear alongside other findings and can be filtered using the secrets agent filter. The repo list shows secret counts in the findings column hover card, so you can quickly spot repositories with detected secrets.
Secret findings are associated with the repository, not individual projects. They appear in the findings list for all projects in that repo.