Entropy Scanner detects high entropy strings in your code. This extension is implemented as a language server and client for Visual Studio Code.
High entropy strings may contain passwords, authentication tokens or private keys and should not be committed into version control. This extension provides real time insight into high entropy strings. You should still run pre-commit checks and scan code during continuous integration using another tool like tartufo.
Features
- Highlight high entropy strings using Visual Studio Code diagnostics
- Provides quick actions for excluding specific signatures
- Respects the
exclude-signatures,exclude-path-patternsandexclude-entropy-patternsoptions from yourtartufo.toml
Known issues
- This extension will nuke any comments in your
tartufo.tomlfile when making changes, I haven't found a JavaScript TOML parser that does otherwise. Suggestions welcome!