Integrate Whispers with Vulnetix. Scan source code and configuration files for hardcoded secrets including AWS keys, API tokens, passwords, and private keys with minimal false positives.
Python, YAML, JSON, HCL, INI, XML, and moreCLI toolJSON
Install & scan
$ # Recommended — run without global install uv run --with whispers whispers --version # Install globally pip install whispers $ # Basic scan with JSON output uv run --with whispers whispers . --output whispers.json # Include static code analysis uv run --with whispers whispers . -a --output whispers.json
Run Whispers in CI
Scan on every push and upload the results to Vulnetix:
- name: Scan for hardcoded secrets
run: |
pip install whispers
whispers . -a --output whispers.json
- name: Upload to Vulnetix
run: vulnetix upload --file whispers.json
Centralise Whispers results in Vulnetix
Upload Whispers JSON output to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.