Hey Kotlin community! Launching SCAN - A Gradle Plugin for Automatic Secret Detection
I've been working on something that I think could be really valuable for our ecosystem, and I'm excited to share it with you all.
The Problem: We've all been there - accidentally committing API keys, database passwords, or AWS credentials to version control. It happens to the best of us, but the consequences can be severe. I've seen companies spend weeks dealing with the aftermath of leaked secrets.
The Solution: SCAN (Sensitive Code Analyzer for Nerds) - a Gradle plugin that automatically detects sensitive information in your codebase before it gets committed.
What makes it interesting for Kotlin developers:
Built with Kotlin, for the JVM ecosystem. This isn't a port of an existing tool - it's designed from the ground up to work seamlessly with Gradle and understand JVM project structures.
Intelligent detection strategies:
Pattern matching for 50+ secret types (AWS keys, GitHub tokens, database URLs, etc.)
Entropy analysis to catch base64-encoded or obfuscated secrets
Context-aware scanning that understands when something looks like a secret but isn't (reduces false positives)
Performance-focused architecture: Memory-efficient streaming for large codebases & Smart filtering to focus on relevant files
CI/CD Integration: Works out of the box with GitHub Actions, Jenkins, GitLab CI. The plugin generates JSON reports for automated processing and can fail builds when secrets are detected.
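To make the three detection strategies and the report/fail-build behaviour concrete, here is a small added illustration in Kotlin. It is not the SCAN plugin's code and makes no claim about its internals: the pattern set, the entropy threshold of 4.0 bits/char, the benign-context markers and the JSON layout are all assumptions chosen for the example. It combines regex rules for a few documented key formats, Shannon entropy over long alphanumeric runs, and a context check that drops obvious placeholders, then prints a JSON report and exits non-zero if anything was found.

```kotlin
import kotlin.math.ln
import kotlin.system.exitProcess

// One detected secret candidate (hypothetical structure for this example only).
data class Finding(val line: Int, val kind: String, val snippet: String, val entropy: Double)

// Assumed subset of pattern rules; the key prefixes are the publicly documented formats.
val patterns = mapOf(
    "aws-access-key-id" to Regex("""\bAKIA[0-9A-Z]{16}\b"""),
    "github-token" to Regex("""\bghp_[A-Za-z0-9]{36}\b"""),
    "jdbc-url-with-password" to Regex("""jdbc:[a-z]+://[^\s"']*password=[^\s&"']+""", RegexOption.IGNORE_CASE),
)

// Shannon entropy in bits per character: English identifiers sit around 3-4,
// random base64/hex material noticeably higher.
fun shannonEntropy(s: String): Double {
    if (s.isEmpty()) return 0.0
    val counts = s.groupingBy { it }.eachCount()
    return counts.values.sumOf { c ->
        val p = c.toDouble() / s.length
        -p * (ln(p) / ln(2.0))
    }
}

// Candidate tokens for entropy analysis: base64/hex-looking runs of 20+ characters.
val highEntropyCandidate = Regex("""[A-Za-z0-9+/=_-]{20,}""")
const val ENTROPY_THRESHOLD = 4.0 // assumed cut-off for this example

// Context-aware suppression: markers that indicate a placeholder, not a live credential.
val benignMarkers = listOf("example", "placeholder", "dummy", "changeme", "<your")

fun looksBenign(line: String): Boolean =
    benignMarkers.any { line.lowercase().contains(it) } || line.trimStart().startsWith("//")

// Streams lines so a large file never has to be held in memory at once.
fun scanLines(lines: Sequence<String>): List<Finding> {
    val findings = mutableListOf<Finding>()
    lines.forEachIndexed { idx, line ->
        if (looksBenign(line)) return@forEachIndexed
        var matchedPattern = false
        for ((kind, rx) in patterns) {
            rx.findAll(line).forEach { m ->
                matchedPattern = true
                findings += Finding(idx + 1, kind, m.value, shannonEntropy(m.value))
            }
        }
        // Entropy is the fallback for secrets no pattern knows about.
        if (!matchedPattern) {
            highEntropyCandidate.findAll(line).forEach { m ->
                val e = shannonEntropy(m.value)
                if (e >= ENTROPY_THRESHOLD) findings += Finding(idx + 1, "high-entropy-string", m.value, e)
            }
        }
    }
    return findings
}

// Minimal machine-readable report, the kind a CI job would archive or parse.
fun toJson(findings: List<Finding>): String = findings.joinToString(",\n", "[\n", "\n]") { f ->
    """  {"line": ${f.line}, "kind": "${f.kind}", "snippet": "${f.snippet}", "entropy": ${"%.2f".format(f.entropy)}}"""
}

fun main() {
    // Constructed sample source lines for the demo; none belong to a real project.
    val sample = """
        val region = "eu-west-1"
        val awsKey = "AKIAIOSFODNN7EXAMPLE"
        val token = "ghp_aBcDeFgHiJkLmNoPqRsTuVwXyZ0123456789"
        val db = "jdbc:postgresql://db/app?user=app&password=hunter2"
        val blob = "c29tZXJhbmRvbWJhc2U2NHNlY3JldHZhbHVlMTIz"
        val label = "userprofilesettingspage"
    """.trimIndent()

    val findings = scanLines(sample.lineSequence())
    println(toJson(findings))
    // Mirror of a fail-the-build policy: non-zero exit when anything was detected.
    if (findings.isNotEmpty()) exitProcess(1)
}
```

Running this reports the GitHub-style token, the JDBC URL carrying a password and the base64 blob (entropy about 4.46 bits/char), while the AWS documentation sample key is suppressed by the "example" context marker and the plain identifier (about 3.5 bits/char) stays under the threshold. The interesting tuning knobs in a real scanner are exactly these two: how aggressive the context suppression is (too broad and real keys slip through) and where the entropy cut-off sits (too low and every hash or UUID becomes a false positive).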
Current status:
Version 2.0.0 available on Gradle Plugin Portal
Comprehensive test suite with 80%+ coverage
Documentation with examples and configuration reference
Performance tested on large codebases (1000+ files scan in seconds)
What I'm looking for:
Feedback: Have you used secret detection tools before? What worked well or didn't work for your team?
Contributors: This is open source, and I'd love it if you would consider contributing.
Links:
GitHub Repository:
REPO
Documentation:
DOCS
A personal note: I started this project after seeing too many "oops, we leaked our AWS keys" incidents. The Kotlin/JVM ecosystem deserves better security tooling that works the way we actually build software. This is my attempt to make secret detection as natural as running tests or static analysis.
If you try it out, I'd love to hear your experience - both positive feedback and areas for improvement. And if you're interested in contributing, the project is structured to make it easy to add new detection patterns or enhance existing functionality.
Thanks for taking the time to read this, and I'm looking forward to making our codebases a bit more secure together.
Who's willing to give it a try? Drop a reply if you're interested in testing it out or have questions about the implementation.