The Rising Threat of Secrets Sprawl and the Need for Action
May 23, 2023
Application Security
The most precious asset in today's information age is the secret safeguarded under lock and key. Regrettably, maintaining secrets has become increasingly challenging, as highlighted by the 2023 State of Secrets Sprawl report, the largest analysis of public GitHub activity. The report shows a 67% year-over-year increase in the number of secrets found, with 10 million hard-coded secrets detected in 2022 alone. This alarming surge in secrets sprawl highlights the need for action and underscores the importance of secure software development. Secrets sprawl refers to secrets appearing in plaintext in various sources, such as source code, build scripts, infrastructure as code, logs, etc. While secrets like API tokens and private keys securely connect the components of the modern software supply chain, their widespread distribution among developers, machines, applications, and infrastructure systems heightens the likelihood of leaks. Cybersecurity Incidents Highlight the Danger