Massive GitHub analysis reveals 10 million secrets hidden in 1 billion commits
2023-03-09 05:30

GitGuardian scanned 1.027 billion new GitHub commits in 2022 and found 10,000,000 occurrences of secrets.

What is interesting beyond this ever-increasing number is that 1 code author out of 10 exposed a secret in 2022.

The widespread belief that hard-coded secrets are primarily committed by junior developers is a misconception.

Frequently, secrets are hard-coded because doing so is more convenient, not because of a deficiency of knowledge or ability.

Secrets represent more than just credentials; they serve as a secure binding force that connects the various elements of modern software supply chains, spanning from code to cloud.

Live monitoring on GitHub has identified that over 80% of all exposed secrets are present in developers' personal repositories, and a considerable portion of them are actually classified as corporate secrets.


News URL

https://www.helpnetsecurity.com/2023/03/09/github-secrets-exposed/

Related vendor

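Last 12M

| Vendor  | #/Products | Low | Medium | High | Critical | Total vulns |
|---------|------------|-----|--------|------|----------|-------------|
| Github  | 12         | 3   | 42     | 30   | 15       | 90          |
| Billion | 4          | 1   | 0      | 2    | 7        | 10          |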