By Checkmarx
2MS is an open source tool that automatically detects credentials and other sensitive details exposed in code repositories and collaboration platforms.
Enterprises are unintentionally exposing thousands of secret credentials every day, leading to cyberattacks, financial loss, and reputational damage. 2MS finds exposed secrets so that you can better protect your organization from attack.
avg. days to identify leaked credentials
M
leaks in public GitHub repos, annually
+
types of secrets detected by 2MS
K+
2MS downloads to date
Use this free tool to identify 170+ types of secrets stored as unencrypted text in code repositories, communication platforms, and content management platforms.
Minimize risk by quickly identifying and eliminating sensitive credentials that may have been unintentionally exposed.
Powerful Secrets Detection
2MS accurately identifies 170+ different types of secrets (login credentials, access tokens, encryption keys, API keys, SSH keys, webhook URLs, etc.) in code repositories (Git repos and local directories), collaboration tools (Slack and Discord), and CMS Platforms (Confluence and Paligo).
2MS accurately identifies 170+ different types of secrets (login credentials, access tokens, encryption keys, API keys, SSH keys, webhook URLs, etc.) in code repositories (Git repos and local directories), collaboration tools (Slack and Discord), and CMS Platforms (Confluence and Paligo).
Automatic Secret Validation
To help prioritize remediation efforts, 2MS automatically attempts to determine which discovered secrets are still valid and operative.
To help prioritize remediation efforts, 2MS automatically attempts to determine which discovered secrets are still valid and operative.
Rule Customization
Detection rules can be customized or added using RegEx expressions, and existing rules can be flagged to be ignored.
Detection rules can be customized or added using RegEx expressions, and existing rules can be flagged to be ignored.
CI/CD Integrations
Secret detection can be automated as part of workflows via integration with GitHub Actions and Azure Pipelines.
Secret detection can be automated as part of workflows via integration with GitHub Actions and Azure Pipelines.
“We view Checkmarx as our trusted partner. They’ve elevated our security posture by consolidating our SAST, SCA, and API Security into a unified platform, Checkmarx One, enabling us to achieve vulnerability remediation, reduce noise, and benefit from strong support.”
“Incorporating Checkmarx’s technology has revolutionized our development culture. It’s more than just technology; it serves as the foundation of our security strategy, ensuring that our applications are secure by design.”
“Checkmarx One definitely checks all my boxes from a security standpoint and has a great interface that’s engaging and easy to use. Some of the solutions we considered were more complicated. With Checkmarx One, it’s easy to get right to the problem with little to no learning curve.”
“The success of our AppSec program can be directly attributed to the tooling, processes and support provided by Checkmarx managed services. Our mission revolves around providing secure and compliant lottery and gaming applications and services to our clients around the globe, and with Checkmarx SAST, SCA and associated components enhanced by their stellar service support, we deliver on this promise with confidence and certainty.”
“After nearly nine years of using Checkmarx’s SAST, CGI’s journey has been one of seamless integration and consistent satisfaction. The last three years have been particularly smooth, reflecting the solution’s reliability and our successful partnership.”
“By Far The Best AppSec Tooling Decision We Have Made!!”
“We were thrilled to find Checkmarx, which helped us improve the SLA for identifying and remediating risk, reduce risk and the number of vulnerabilities, and eliminate high- and medium-risk issues.”
“Checkmarx made security team and developers life easier.”