gitleaks

Protect and discover secrets using Gitleaks.

Gitleaks is a SAST tool for detecting and preventing hardcoded secrets like passwords, API keys, and tokens in Git repos. Gitleaks is an easy-to-use, all-in-one solution for detecting secrets, past or present, in your code.

The detect command is used to scan repos, directories, and files. This command can be used on developer machines and in CI environments.
The protect command is used to scan uncommitted changes in a git repo. This command should be used on developer machines, in keeping with shifting left on security.
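
The split between the two commands can be wired into a single script, shown here as an added example that is not part of the Gitleaks project. It assumes a gitleaks release that provides the detect and protect commands on PATH, that the CI system sets a non-empty CI environment variable, and that the file is installed as .git/hooks/pre-commit on developer machines; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Gitleaks' own code): pick the gitleaks command by context.
# CI environments scan the repo with `detect`; developer machines scan
# staged, not-yet-committed changes with `protect`.

# Print the gitleaks arguments for the current context.
# Assumption: CI systems export a non-empty CI variable.
gitleaks_args() {
    if [ -n "${CI:-}" ]; then
        # Scan the repo at the current directory.
        echo "detect --source . --redact"
    else
        # Scan only what is staged for the next commit.
        echo "protect --staged --redact"
    fi
}

# Run the scan. A non-zero return blocks the commit or fails the CI job.
run_gitleaks() {
    if ! command -v gitleaks >/dev/null 2>&1; then
        # Fail closed: a missing scanner must not silently allow the commit.
        echo "gitleaks not found in PATH; refusing to continue" >&2
        return 127
    fi
    # Unquoted on purpose so the argument string splits into words.
    # --redact keeps the matched secret out of terminal and CI logs.
    gitleaks $(gitleaks_args)
}

# Execute only when invoked under the hook name, so the file can also be
# sourced for its functions without triggering a scan.
case "${0##*/}" in
    pre-commit) run_gitleaks || exit $? ;;
esac
```

In a CI job, source the file and call run_gitleaks as a pipeline step; gitleaks exits non-zero when it reports a finding, which fails the step.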