Skip to main content

Coveralls Personal Token



  • Documentation:
  • Summary: Coveralls is a developments tool that helps monitoring code coverage. Repositories on Coveralls can be managed via an API using a dedicated token. This detector aims at catching those tokens.
  • IPs allowlist: This feature is not mentioned in the documentation.
  • Scopes: All tokens have the same permissions.

Revoke the secret#

Tokens can be deleted or created from the user's account page.

Check for suspicious activity#

The web application shows a last used date for each token.

Details for Coveralls personal token#

  • Family: Api

  • Category: Code analysis

  • Company: Coveralls

  • High recall: False

  • Validity check available: True

  • On-premise instances exist: True

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 0.08

  • Prefixed: False

  • PreValidators:

- type: ContentWhitelistPreValidator  patterns:  - coveralls


- text: |    coveralls_token=QEAuo5Pufwa2TGqQpst3a1HFSp3v9mKTFd4aJ  apikey: QEAuo5Pufwa2TGqQpst3a1HFSp3v9mKTFd4aJ- text: |    coveralls_secret=HpdRcNheCBfZ5RcrQcqit1zADgyDcUmjQR9j  apikey: HpdRcNheCBfZ5RcrQcqit1zADgyDcUmjQR9j # shorter length