Beyond Code: Secrets Sprawl Across the SDLC

Hardcoded secrets are everywhere, but especially in security blind spots like collaboration platforms and container environments where security controls are typically weaker:

- Slack: 2.4% of channels within analyzed workspaces contained leaked secrets
- Jira: 6.1% of tickets exposed credentials, making it the most vulnerable collaboration tool
- DockerHub: 98% of detected secrets were embedded exclusively in image layers, with over 7,000 valid AWS keys currently exposed

The Non-Human Identity Crisis

Non-human identities (NHIs)—including API keys, service accounts, and automation tokens—now vastly outnumber human identities in most organizations.

Private Repositories: A False Sense of Security

The analysis reveals a startling truth: a full 35% of all private repositories scanned contained at least one plaintext secret, shattering the common assumption that private repositories are secure:

- AWS IAM keys appeared in plaintext in 8.17% of private repositories, over 5× more frequently than in public ones (1.45%)
- Generic passwords appeared nearly 3× more often in private repositories (24.1%) compared to public ones (8.94%)
- MongoDB credentials were the most frequently leaked secret type in public repositories (18.84%)

"Leaked secrets in private code repositories must be treated as compromised," emphasized Eric Fourrier.

BOSTON, March 11, 2025 (GLOBE NEWSWIRE) -- GitGuardian, the security leader behind GitHub's most installed application, today released its comprehensive "2025 State of Secrets Sprawl Report," revealing a widespread and persistent security crisis that threatens organizations of all sizes.

Story title: "GitGuardian Report: 70% of Leaked Secrets Remain Active for Two Years, Urging Immediate Remediation"