Secret and PII Scanning

OX scans your environment for exposed secrets and sensitive information across source code, Git history, containers, runtime assets, and CI/CD systems.

Different organizations often require different detection behavior depending on their environment, development practices, and security requirements.

For example:

  • Development teams may intentionally use mock credentials or placeholder values that should not generate findings

  • Organizations may use proprietary token structures or internal credentials that are not recognized by OX by default

  • Security teams may want to focus remediation efforts only on active and exploitable credentials

OX allows you to adapt secret and PII detection behavior to your organization's needs.

Custom detection and exclusion patterns apply across supported OX scanning engines.

Area                  Supported detections
--------------------  -----------------------------------------------
Secrets scan          Secrets and PII in code and Git history
CI/CD posture         Secrets echoed in workflow logs
Container security    Secrets and PII in containers
Cloud context         Secrets and PII in runtime and cloud functions

Common security goals

Goal                                                          Recommended capability
------------------------------------------------------------  ------------------------------------
Ignore development-only credentials or placeholder values     Exclude Secret/PII Patterns
Reduce repeated false positives                               Exclude Secret/PII Patterns
Detect proprietary API tokens or internal credentials         Custom Secret/PII Pattern Detection
Detect organization-specific PII formats                      Custom Secret/PII Pattern Detection
Prioritize active credentials over inactive secrets           Secret Validation

Note: Use exclusions to suppress known false positives. Use custom detection to identify additional secrets or PII that OX does not currently recognize.

Configuring secret and PII detection

  1. Go to Settings > Scan settings > Secrets.

  2. Enable the required option.

Option                                What it does
------------------------------------  ---------------------------------------------------------------
Secret Validation                     Checks whether supported detected secrets are active
Exclude Secret/PII Patterns           Prevents matching patterns from being reported as findings
Custom Secret/PII Pattern Detection   Allows OX to detect organization-specific secret or PII patterns

  3. Configure the required exclusion or custom detection patterns in the relevant section.

Changes are applied automatically as soon as they are updated; no rescan needs to be triggered manually.
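To make the difference between the two pattern types concrete, here is a small stand-alone scanner that models how custom detection patterns and exclusion patterns interact. This is an added example, not OX code, and it assumes patterns are regular expressions (the page does not state what pattern syntax OX uses); the built-in rules, the ACME token and employee-ID formats, and the sample source lines are all constructed for illustration.

```python
"""Toy model of secret/PII scanning with custom detection and exclusion
patterns. Added example, not OX code; assumes patterns are regexes."""
import re
from dataclasses import dataclass, field


@dataclass
class Finding:
    line_no: int
    rule: str
    match: str


@dataclass
class ScannerConfig:
    # Built-in detections (constructed stand-ins, not OX's real rule set).
    # A capture group, when present, isolates the secret value itself.
    builtin: dict = field(default_factory=lambda: {
        "aws_access_key_id": r"AKIA[0-9A-Z]{16}",
        "generic_api_key":
            r"(?i)api[_-]?key\s*[=:]\s*['\"]?([A-Za-z0-9_\-]{16,})",
    })
    # Organization-specific patterns (Custom Secret/PII Pattern Detection).
    custom: dict = field(default_factory=dict)
    # Patterns that suppress a match (Exclude Secret/PII Patterns).
    exclusions: list = field(default_factory=list)


def scan(text: str, cfg: ScannerConfig) -> list:
    """Run built-in and custom rules over each line; drop any matched
    value that an exclusion pattern also matches."""
    rules = {**cfg.builtin, **cfg.custom}
    excl = [re.compile(p) for p in cfg.exclusions]
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        for name, pat in rules.items():
            for m in re.finditer(pat, line):
                value = m.group(m.lastindex) if m.lastindex else m.group(0)
                if any(e.search(value) for e in excl):
                    continue  # known placeholder / mock value: suppressed
                findings.append(Finding(n, name, value))
    return findings


# Constructed sample source: one real-looking key, one placeholder,
# one proprietary token, one mock key, one internal PII identifier.
SAMPLE = "\n".join([
    'AWS_ACCESS_KEY_ID = "AKIAQ7Z2X9LMN4P8R3T6"',
    'API_KEY = "dummy-api-key-0000000000"',
    'ACME_TOKEN = "ACME-1234567890AB"',
    'TEST_AWS_KEY = "AKIAEXAMPLEEXAMPLE01"',
    'owner = "EMP-482913"',
])


def default_config() -> ScannerConfig:
    """Out-of-the-box behaviour: built-in rules only, nothing excluded."""
    return ScannerConfig()


def tuned_config() -> ScannerConfig:
    """Organization-tuned behaviour: proprietary token and internal PII
    formats added, placeholder/mock values excluded."""
    return ScannerConfig(
        custom={
            "acme_internal_token": r"ACME-[0-9A-F]{12}",   # hypothetical format
            "acme_employee_id": r"\bEMP-\d{6}\b",          # hypothetical PII
        },
        exclusions=[r"(?i)dummy|placeholder|example"],
    )


if __name__ == "__main__":
    for label, cfg in (("default", default_config()), ("tuned", tuned_config())):
        print(f"--- {label} ---")
        for f in scan(SAMPLE, cfg):
            print(f"line {f.line_no}: {f.rule}: {f.match}")
```

With the default configuration the placeholder on line 2 and the mock key on line 4 are reported and the proprietary token and employee ID are missed; with the tuned configuration the noise disappears and the organization-specific formats are caught. Note that exclusions here are applied to the matched value only, so a broad exclusion such as `example` would also hide a live key that happens to contain that word; keep exclusion patterns as specific as possible.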
