Sensitive Data: High number of Secrets
Identifier:
high_number_of_secrets
Scanner(s) Support
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description
When secrets management is not properly implemented, credentials such as API keys, tokens and passwords can leak to the public through application responses, potentially leading to data breaches, unauthorized access, financial loss and legal penalties.
How we test: We scan responses and analyze their content for secrets such as API keys, tokens, passwords and other credentials. We count the secrets found and raise an alert if the count exceeds the configured threshold, since a large number of leaked values in responses indicates poor secrets management.
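The following is an added illustration of the detection logic described above, not the scanner's own code: a handful of pattern-based detectors are run over a constructed response body, the matches are counted, and an alert is raised only when the count exceeds `detection_threshold` (the `skip` flag short-circuits the check). The patterns, the `redact` helper and the sample credentials are all assumptions made for the example; the credentials are fabricated and not real secrets.

```python
import re
from typing import Dict, List

# Constructed HTTP response body leaking several credentials (fabricated values).
SAMPLE_RESPONSE = """{
  "debug": true,
  "aws_access_key_id": "AKIAIOSFODNN7EXAMPLE",
  "github_token": "ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij",
  "db_url": "postgres://app:Sup3rS3cret!@db.internal:5432/prod",
  "auth": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0In0.abcDEFghiJKLmnoPQRstuVWXyz0123456789_-",
  "api_key": "sk_live_ABCDEFGHIJKLMNOPQRSTUVWX"
}"""

# Illustrative detectors (assumed for this example). Real scanners carry far more
# patterns plus entropy checks; the point here is the count-and-threshold logic.
SECRET_PATTERNS: Dict[str, "re.Pattern[str]"] = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "jwt": re.compile(r"\beyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}"),
    "stripe_live_key": re.compile(r"\bsk_live_[A-Za-z0-9]{24,}\b"),
    # Credentials embedded in connection URLs: scheme://user:PASSWORD@host
    "password_in_url": re.compile(r"://[^/\s:@]+:([^@\s]+)@"),
}


def redact(value: str) -> str:
    """Keep a short prefix/suffix so a finding is actionable without re-leaking the secret."""
    if len(value) <= 8:
        return "*" * len(value)
    return value[:4] + "*" * (len(value) - 6) + value[-2:]


def find_secrets(body: str) -> List[Dict[str, str]]:
    """Run every detector over the response body and return one finding per match."""
    findings: List[Dict[str, str]] = []
    for kind, pattern in SECRET_PATTERNS.items():
        for match in pattern.finditer(body):
            # Use the capture group when the pattern isolates the secret inside a larger token.
            value = match.group(1) if match.groups() else match.group(0)
            findings.append({"kind": kind, "value": redact(value)})
    return findings


def evaluate(body: str, detection_threshold: int, skip: bool = False) -> dict:
    """Mirror the check's configuration: alert only when the count exceeds the threshold."""
    if skip:
        return {"alert": False, "count": 0, "findings": []}
    findings = find_secrets(body)
    return {
        # "exceeds" is read as strictly greater than the configured threshold.
        "alert": len(findings) > detection_threshold,
        "count": len(findings),
        "findings": findings,
    }


if __name__ == "__main__":
    result = evaluate(SAMPLE_RESPONSE, detection_threshold=3)
    print(f"secrets found: {result['count']}, alert: {result['alert']}")
    for finding in result["findings"]:
        print(f"  {finding['kind']}: {finding['value']}")
```

Tune `detection_threshold` to the amount of credential-looking data a response is legitimately expected to contain; a threshold of `0` alerts on any single leaked value, while a higher value surfaces only responses that dump many secrets at once.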
Configuration
Example
Example configuration:
Reference
detection_threshold
Type : integer
Number of detected secrets above which the alert is triggered.
skip
Type : boolean
Skip the test if true.