What would be the best way to scan a codebase to ensure there are no production-level credentials included in the codebase? We have tried doing Static Scans via some major tools but I do still see some credentials that are still lingering around and possibly more.
What would be the best way to do this?