Secret Sprawl in Public Repos is Worse Than Ever, Finds New Report
Briefly

GitGuardian's report documents a sharp escalation of secrets sprawl in 2024: a 25% increase in leaked hardcoded credentials such as API keys and passwords, with 23.8 million instances detected in public GitHub activity. Much of the growth comes from "generic" secrets, which have no distinctive, vendor-specific format and made up 58% of identified leaks. Format-aware controls such as GitHub's Push Protection have measurably reduced leaks of well-known credential types, but they cannot reliably recognize these unstructured secrets, leaving a detection gap that calls for better methods.
The report warns that a significant rise in secrets sprawl is leading to vulnerabilities, with nearly 23.8 million hardcoded secrets found in public GitHub activity during 2024.
A notable contributor to this trend is the increase in hardcoded 'generic' secrets, which accounted for 58% of detected secrets last year, up from 49% in 2023.
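To make the detection gap concrete, here is an added example written for this summary; it is not code from GitGuardian, GitHub or the InfoQ article. A prefix-and-length scanner (the kind of check that works well for vendor-issued tokens) is run beside a keyword-plus-entropy heuristic for generic secrets over five constructed config lines. The two structured patterns are simplified approximations of the public AWS access key ID and GitHub personal access token formats and are assumptions for illustration, as are the keyword list and the entropy threshold; the sample lines are constructed, and the AWS value is the placeholder key from AWS's own documentation.

```python
import math
import re
from dataclasses import dataclass

# Constructed sample input: five config-style lines, not from any real repository.
SAMPLE = """\
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
GITHUB_TOKEN = "ghp_A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6Q7r8"
DB_PASSWORD = "changeme"
API_KEY = "x7Q!v9Lm#2pRz$Tk"
LOG_LEVEL = "info"
"""

# Simplified, illustrative patterns for two credential types that carry a fixed
# vendor prefix and length. They approximate the public formats and are
# assumptions for this example, not GitHub's or GitGuardian's real detectors.
STRUCTURED_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}

# A generic secret has no prefix, so the only available signals are a
# credential-like variable name and a quoted value of plausible length.
# The value is then tested for entropy to weed out obvious placeholders.
CREDENTIAL_KEYWORD = r"(?i)(password|passwd|pwd|secret|token|api[_-]?key)"
GENERIC_ASSIGNMENT = re.compile(
    CREDENTIAL_KEYWORD + r"""\s*[:=]\s*['"]([^'"]{8,})['"]"""
)


@dataclass(frozen=True)
class Finding:
    line_no: int
    kind: str   # "structured:<pattern name>" or "generic"
    value: str


def shannon_entropy(s: str) -> float:
    """Shannon entropy of s in bits per character (0.0 for empty input)."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan(text: str, include_generic: bool = True, min_entropy: float = 3.0) -> list:
    """Return findings per line. With include_generic=False the scan behaves like a
    pattern-only detector and sees nothing but the prefixed, fixed-length tokens."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        hit = False
        for name, pattern in STRUCTURED_PATTERNS.items():
            for m in pattern.finditer(line):
                findings.append(Finding(line_no, f"structured:{name}", m.group(0)))
                hit = True
        if hit or not include_generic:
            continue
        m = GENERIC_ASSIGNMENT.search(line)
        # Low-entropy values such as "changeme" are deliberately left unflagged:
        # that is the trade-off a generic heuristic has to make to limit noise.
        if m and shannon_entropy(m.group(2)) >= min_entropy:
            findings.append(Finding(line_no, "generic", m.group(2)))
    return findings


def unflagged_credential_lines(text: str, findings: list) -> list:
    """Lines that mention a credential keyword but produced no finding: the
    residual blind spot of whichever scanner produced `findings`."""
    flagged = {f.line_no for f in findings}
    keyword = re.compile(CREDENTIAL_KEYWORD)
    return [
        line_no
        for line_no, line in enumerate(text.splitlines(), start=1)
        if keyword.search(line) and line_no not in flagged
    ]


if __name__ == "__main__":
    pattern_only = scan(SAMPLE, include_generic=False)
    print("pattern-only scanner misses lines:", unflagged_credential_lines(SAMPLE, pattern_only))
    full = scan(SAMPLE)
    for f in full:
        print(f"line {f.line_no}: {f.kind} -> {f.value}")
    print("still unflagged after entropy heuristic:", unflagged_credential_lines(SAMPLE, full))
```

Run stand-alone, the pattern-only pass catches only the AWS key and the GitHub token and leaves both the `DB_PASSWORD` and `API_KEY` lines untouched; adding the keyword-plus-entropy pass picks up the high-entropy `API_KEY` value but still skips `"changeme"`, which has only 2.75 bits of entropy per character. Tuning `min_entropy` downward would catch it at the cost of flagging every placeholder in the codebase, which is exactly the precision problem that makes generic secrets hard to block at push time.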
Read at InfoQ