Built this after getting frustrated with scanners that find secrets but leave fixing to you. Autonoma fixes hardcoded secrets automatically — but only when it's confident the fix is safe. If it can't guarantee safety, it refuses and tells you why.

Before:
    SENDGRID_API_KEY = "SG.live-abc123xyz987"

After:
    SENDGRID_API_KEY = os.getenv("SENDGRID_API_KEY")

When it can't fix safely:
    API_KEY = "sk-live-abc123" → REFUSED — could not guarantee safe replacement

Tested on a real public repo with live exposed Azure Vision and OpenAI API keys. Fixed both. Refused one edge case. Nothing else touched.

MIT licensed. Runs locally. No telemetry.
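The fix-or-refuse pattern the post describes, as an added example that is not Autonoma's code: parse the module with `ast`, rewrite only a module-level `UPPER_CASE = "secret literal"` assignment to `os.getenv("UPPER_CASE")`, and refuse with a stated reason whenever a safety gate fails (non-constant name, the name assigned more than once, multi-line assignment, literal not locatable exactly once on its line). The secret-shape regexes, the refusal rules and the `SAMPLE` module are constructed for this illustration; the post does not say what Autonoma's own gates are.

```python
"""Rewrite hardcoded secret literals to os.getenv() lookups, refusing when unsafe.

Added illustration, not Autonoma's code. Detector patterns, refusal rules and the
sample module are constructed for this example.
"""
import ast
import re
from dataclasses import dataclass, field

# Constructed detector: a few key shapes matched by prefix. Real detectors use many more.
SECRET_PATTERNS = (
    re.compile(r"^SG\.[A-Za-z0-9._-]{10,}$"),   # SendGrid-style "SG." prefix
    re.compile(r"^sk-[A-Za-z0-9._-]{8,}$"),     # "sk-" prefixed API key shape
    re.compile(r"^AKIA[0-9A-Z]{16}$"),          # AWS access key id shape
)
CONST_NAME = re.compile(r"^[A-Z][A-Z0-9_]*$")


@dataclass
class Outcome:
    source: str                                  # rewritten module text
    fixed: dict = field(default_factory=dict)    # name -> environment variable used
    refused: dict = field(default_factory=dict)  # name -> reason the fix was refused


def looks_like_secret(value: str) -> bool:
    return any(p.match(value) for p in SECRET_PATTERNS)


def _assignment_counts(tree: ast.Module) -> dict:
    """How many times each simple name is assigned anywhere in the module (any scope)."""
    counts: dict = {}
    for node in ast.walk(tree):
        if isinstance(node, (ast.Assign, ast.AnnAssign, ast.AugAssign)):
            targets = node.targets if isinstance(node, ast.Assign) else [node.target]
            for target in targets:
                for sub in ast.walk(target):
                    if isinstance(sub, ast.Name):
                        counts[sub.id] = counts.get(sub.id, 0) + 1
    return counts


def remediate(source: str) -> Outcome:
    tree = ast.parse(source)
    lines = source.splitlines()
    counts = _assignment_counts(tree)
    out = Outcome(source=source)

    for node in tree.body:  # module level only; nested scopes are left untouched
        if not (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            continue
        value = node.value
        if not (isinstance(value, ast.Constant) and isinstance(value.value, str)
                and looks_like_secret(value.value)):
            continue
        name = node.targets[0].id
        # Safety gates: every failure is an explicit refusal, never a silent edit.
        if not CONST_NAME.match(name):
            out.refused[name] = "target is not an UPPER_CASE constant, env var name would be a guess"
            continue
        if counts.get(name, 0) != 1:
            out.refused[name] = "name is assigned more than once, replacement may change behaviour"
            continue
        if node.lineno != node.end_lineno:
            out.refused[name] = "assignment spans several lines"
            continue
        literal = ast.get_source_segment(source, value)  # the literal with its quotes
        line = lines[node.lineno - 1]
        if literal is None or line.count(literal) != 1:
            out.refused[name] = "could not locate the literal exactly once on its line"
            continue
        # Mirror the post: the environment variable is named after the constant.
        lines[node.lineno - 1] = line.replace(literal, f'os.getenv("{name}")')
        out.fixed[name] = name

    has_os = any(isinstance(n, ast.Import) and any(a.name == "os" for a in n.names)
                 for n in tree.body)
    if out.fixed and not has_os:
        # Insert `import os` after a module docstring and any `from __future__` imports.
        insert_at = 0
        for node in tree.body:
            is_doc = (isinstance(node, ast.Expr) and isinstance(node.value, ast.Constant)
                      and isinstance(node.value.value, str))
            is_future = isinstance(node, ast.ImportFrom) and node.module == "__future__"
            if is_doc or is_future:
                insert_at = node.end_lineno
            else:
                break
        lines.insert(insert_at, "import os")
    out.source = "\n".join(lines) + ("\n" if source.endswith("\n") else "")
    return out


# Constructed sample module; the key values are placeholders, not real credentials.
SAMPLE = '''\
"""Constructed sample module with hardcoded credentials."""
SENDGRID_API_KEY = "SG.live-abc123xyz987"
ROTATING_TOKEN = "sk-one-abc12345"
api_key = "sk-live-abc123"

def rotate():
    global ROTATING_TOKEN
    ROTATING_TOKEN = "sk-two-abc12345"
'''

if __name__ == "__main__":
    result = remediate(SAMPLE)
    print(result.source)
    for n, why in result.refused.items():
        print(f"{n}: REFUSED, {why}")
```

On `SAMPLE` this rewrites only `SENDGRID_API_KEY`, adds `import os` after the docstring, and refuses `ROTATING_TOKEN` (also assigned inside `rotate()`) and `api_key` (not an UPPER_CASE constant). The output still parses, which is the minimum a rewrite tool should check before writing a file back.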