Analyzers
We have implemented various analyzers to help detect and analyze potential secrets within different types of services and platforms. Each analyzer is designed to handle specific types of secrets and configurations, ensuring that sensitive information is detected and managed appropriately. Below is an overview of the analyzers we have implemented.
| Analyzer | Command | Description |
|---|---|---|
| MongoDB | sls analyze mongodb --secret "<connection-string>" | Inspects MongoDB connection strings, connects to the database, and retrieves information about collections, users, and databases. |
| MySQL | sls analyze mysql --secret "<connection-string>" | Inspects MySQL connection strings, connects to the database, and retrieves information about tables, databases, and user grants. |
| PostgreSQL | sls analyze postgresql --secret "<connection-string>" | Inspects PostgreSQL connection strings, connects to the database, and retrieves information about databases, tables, and user roles. |
| GitHub | sls analyze github --secret "<api-key>" | Inspects GitHub API keys, attempts to access user data, and retrieves information about user details and access scopes. |
| GitLab | sls analyze gitlab --secret "<api-key>" | Inspects GitLab API keys, attempts to access user and project data, and retrieves information about user roles and project visibility. |
| Slack | sls analyze slack --secret "<api-token>" | Inspects Slack API tokens, attempts to access workspace data, and retrieves information about channels, users, and workspace settings. |
Usage
To run an analyzer, use the following command:
sls analyze <analyzer> --secret "<api key or connection string>" # slack, mongodb, mysql, postgresql, github, gitlab,