Phantom Secrets: The Hidden Threat in Code Repositories

July 1, 2024 | Aqua Security reveals that API tokens, credentials, and passkeys remain exposed in code repositories, even after deletion. This “phantom secrets” issue affects major platforms like GitHub, Bitbucket, and GitLab, posing significant risks.

Aqua found that almost 18% of secrets might be overlooked by standard scanning methods, leaving sensitive information accessible. This problem persists due to how SCM systems save deleted or updated commits.

To mitigate these risks, organizations must implement comprehensive secret management practices and regular audits of their repositories.
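As an added illustration (not code from Aqua Security or from this article), the shell sketch below shows the mechanism on a local Git repository: a commit that was amended away drops out of branch history but stays in the object store, so an audit has to look at unreachable objects as well. The token format, file names and function names are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: a secret removed by amending a commit is still stored as an
# unreachable commit that a scan of branch history never visits.
PATTERN='DEMO_TOKEN_[A-Z0-9]{12}'   # constructed token format, not a real credential

# Build a throwaway repo where a commit containing a token is amended away.
make_demo_repo() {
    repo=$(mktemp -d)
    (
        cd "$repo" || exit 1
        git init -q .
        git config user.email demo@example.invalid
        git config user.name demo
        echo 'debug=false' > app.conf
        git add app.conf && git commit -q -m 'initial config'
        printf 'debug=false\ntoken=DEMO_TOKEN_ABCDEF123456\n' > app.conf
        git commit -q -am 'add token'
        # The "fix": rewrite the last commit so the token leaves branch history.
        printf 'debug=false\ntoken_file=/run/secrets/demo\n' > app.conf
        git commit -q -a --amend -m 'read token from file'
    ) >/dev/null 2>&1
    echo "$repo"
}

# Count matching lines in history reachable from any ref (a branch-based scan).
scan_reachable() {
    git -C "$1" log --all -p --no-color | grep -Ec "$PATTERN" || true
}

# Print the ids of unreachable commits whose diff still contains a match.
scan_unreachable() {
    git -C "$1" fsck --unreachable --no-reflogs 2>/dev/null |
        awk '$1 == "unreachable" && $2 == "commit" { print $3 }' |
        while read -r sha; do
            if git -C "$1" show --no-color "$sha" | grep -Eq "$PATTERN"; then
                echo "$sha"
            fi
        done
}

demo=$(make_demo_repo)
echo "matches in reachable history: $(scan_reachable "$demo")"
echo "unreachable commits still holding the token:"
scan_unreachable "$demo"
rm -rf "$demo"
```

Because the amended-away commit remains retrievable, a secret found this way should be treated as exposed and rotated rather than only deleted.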
