Sensitive Data: High number of Secrets
Identifier: high_number_of_secrets
Scanner(s) Support
GraphQL Scanner | REST Scanner | WebApp Scanner |
---|---|---|
Description
When secrets management is not properly implemented, sensitive credentials such as API keys, tokens, and passwords can leak to the public. This can lead to data breaches, unauthorized access, financial loss, and even legal penalties.
Configuration
Example
Example configuration:
```yaml
---
security_tests:
  high_number_of_secrets:
    assets_allowed:
      - REST
      - GRAPHQL
      - WEBAPP
    detection_threshold: 1
    skip: false
```
Reference
assets_allowed
Type : List[AssetType]
*
List of assets that this check will cover.
detection_threshold
Type : integer
Threshold on the number of values found that triggers an alert.
skip
Type : boolean
Skip the test if true.