Ferret – find hardcoded secrets in your API collections
SMRTR summary
Ferret is a new offline CLI security tool designed for small development teams that automatically scans API collections from Bruno, Postman, and Insomnia to detect hardcoded secrets like AWS keys and GitHub tokens, plus common API security vulnerabilities based on OWASP guidelines. The tool runs entirely locally without cloud connections, features built-in false positive suppression, and integrates with CI/CD pipelines to catch security issues before production deployment.
SMRTR provides this summary for quick context. The original article belongs to Hacker News.