Whispers

An automated code security tool that analyzes repositories, identifies vulnerabilities, and generates pull requests with fixes while integrating with existing development workflows.

Whispers: A Static Code Analysis Tool for Credential Detection

Whispers is a static code analysis tool designed to parse various common data formats. Its primary purpose is to search for hardcoded credentials and potentially dangerous functions. You can run Whispers from the command-line interface (CLI) or integrate it into your continuous integration/continuous deployment (CI/CD) pipeline.

Detection of Passwords, API Tokens, and More

Whispers detects sensitive items including passwords, API tokens, AWS keys, private keys, hashed credentials, authentication tokens, dangerous functions, and sensitive files. It supports multiple formats such as YAML, JSON, XML, .npmrc, .pypirc, .htpasswd, .properties, pip.conf, conf/ini, Dockerfile, Dockercfg, shell scripts, Python3, JavaScript, Java, Go, PHP, AWS credentials files, JDBC connection strings, Jenkins config files, Spring Framework Beans config files, Java Properties files, Dockercfg private registry authentication files, and GitHub tokens. Python3 files are specifically parsed as Abstract Syntax Trees (ASTs) because of native language support. Note that Whispers is designed as a structured text parser rather than a code parser.