Sensitive Data: Hardcoded Secret in JavaScript Bundle¶
Identifier:
js_hardcoded_secret
Scanner(s) Support¶
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description¶
Hardcoded secrets in JavaScript bundles expose API keys, tokens, and credentials to anyone who can access the bundle.
How we test: We statically analyze first-party JavaScript bundles to detect hardcoded API keys, authentication tokens, private keys, and other secrets using pattern matching and entropy analysis.
References:
Configuration¶
Example¶
Example configuration:
Reference¶
issues_count_limit¶
Type : integer
The maximum number of issues to report. Use 0 to report all issues.
skip¶
Type : boolean
Skip the test if true.