IssueGuard is a Google Chrome extension designed to detect sensitive information such as API keys, tokens, passwords, and credentials within GitHub issue reports. The tool combines regex-based candidate extraction with a fine-tuned CodeBERT model to provide accurate, context-aware secret detection in real time.
This system helps users analyze issue content directly on the GitHub page, preventing accidental secret leakage without requiring developers to navigate away from their workflow.
The overall methodology of IssueGuard is shown below:
IssueGuard classifies extracted candidates into two categories: Secret and Non-sensitive, based on the annotation criteria defined in the following work:
Sadif Ahmed, Md Nafiu Rahman, Zahin Wahab, Gias Uddin, and Rifat Shahriyar. "Secret Breach Prevention in Software Issue Reports." (2025). Link: https://arxiv.org/abs/2410.23657
- Python 3.12.0 or higher
- Google Chrome browser
git clone https://github.com/nafiurahman00/IssueGuard.git
cd IssueGuardpip install -r requirements_fastapi.txtDownload the pre-trained CodeBERT model from GitHub releases:
- Go to the GitHub Releases page
- Download the
models.zipfile from the latest release - Extract the
models.zipfile in the root directory of the project
After extraction, verify that the model files are present at:
models/balanced/microsoft_codebert-base_complete/
python main.py- Open Google Chrome and navigate to
chrome://extensions/. - Enable "Developer mode" using the toggle switch in the top right corner.
- Click on "Load unpacked" and select the
IssueGuardExtensiondirectory from the cloned repository. - The IssueGuard extension should now appear in your list of extensions.
- Ensure the backend server is running
- Open any GitHub issue creation page
- Start writing or pasting text in the issue description box
IssueGuard will automatically analyze the content. Detected secrets are highlighted, and a tooltip lists all true secrets identified by the model. Regex-captured false positives are ignored based on the model’s classification.
Example GitHub issue pages for testing:
https://github.com/*any-repo*/issues/new
Any public issue creation form containing text inputs
Video demonstration: https://www.youtube.com/watch?v=kvbWA8rr9cU