Secrets should never be checked into source code. Ideally, they should be injected into the runtime environment and read from there when the application needs them.
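One way to read an injected secret at run time instead of hardcoding it, shown as an added example that is not part of the original page. The `load_secret` and `redact` helpers, the `NAME_FILE` lookup convention, and the `SLACK_WEBHOOK_URL` variable name are assumptions made for illustration.

```python
import os
from pathlib import Path


class MissingSecretError(RuntimeError):
    """Raised when a required secret was not injected into the runtime."""


def load_secret(name, environ=None):
    """Return the secret called `name` from the runtime environment.

    Lookup order (an assumed convention, not defined by the page):
      1. NAME_FILE -> path to a file mounted by the orchestrator
      2. NAME      -> plain environment variable
    """
    env = os.environ if environ is None else environ
    file_path = env.get(name + "_FILE")
    if file_path:
        try:
            value = Path(file_path).read_text(encoding="utf-8").strip()
        except OSError as exc:
            # Report the variable name only, never the file contents.
            raise MissingSecretError(f"{name}_FILE is set but unreadable") from exc
    else:
        value = env.get(name, "").strip()
    if not value:
        # Fail closed: there is no hardcoded fallback value in source.
        raise MissingSecretError(f"secret {name} was not injected")
    return value


def redact(value, keep=4):
    """Mask a secret for log output, keeping only the last `keep` characters."""
    if len(value) <= keep:
        return "*" * len(value)
    return "*" * (len(value) - keep) + value[-keep:]


if __name__ == "__main__":
    # Constructed sample environment; the webhook value is a placeholder.
    sample_env = {"SLACK_WEBHOOK_URL": "https://hooks.example.invalid/PLACEHOLDER"}
    url = load_secret("SLACK_WEBHOOK_URL", sample_env)
    print("loaded webhook:", redact(url))
```

Because a missing value raises instead of falling back to a default, a deployment that forgot to inject the secret stops at startup rather than running with a value committed to the repository.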
Leaking a FreshBooks access token in source code can cause severe security issues as it can give unauthorized access to FreshBooks resources, leading to a potential data breach and financial loss due to unauthorized utilization of FreshBooks resources.
If an access token has been leaked, it is recommended to regenerate it to mitigate the vulnerability.
Leaking a Slack webhook URL in source code can cause a security risk as it can give unauthorized access to the Slack workspace and potentially leak sensitive information. If a Slack webhook has been leaked, you can create a new webhook and disable the exposed one to mitigate the vulnerability.
Leaking an AWS access token in source code can cause severe security issues as it can give unauthorized access to AWS resources, which can result in a data breach and financial loss due to unauthorized utilization of AWS resources.
If an access token has been leaked, you can rotate your access tokens to mitigate the vulnerability.
Leaking a PyPI upload API token in source code can cause severe security issues as it can give unauthorized access to the PyPI account, which can result in a data breach and financial loss. If an API token has been leaked, you can revoke your API token to mitigate the vulnerability.
Using hardcoded SendGrid API tokens in source code can cause severe security issues as it can give unauthorized access to SendGrid resources, which can result in a data breach and financial loss. If an API token has been leaked, you can revoke your API token to mitigate the vulnerability.
Leaking a Pulumi API token in source code can cause severe security issues as it can give unauthorized access to Pulumi resources, which can result in a data breach and financial loss. If an API token has been leaked, you can revoke your access token to mitigate the vulnerability.
Leaking a JSON Web Token (JWT) in the source code can pose a serious security risk, as it can give unauthorized access to resources and sensitive information in the web application. This can lead to data breaches and loss of confidential information.
If a JWT secret has been leaked, you can deprecate the old secret and use a new one to mitigate the vulnerability.
Leaking a HashiCorp Terraform API token in source code can cause severe security issues as it can give unauthorized access to critical infrastructure resources. Unauthorized access to infrastructure resources can lead to system outages, data breaches, and financial loss.
If an API token has been leaked, you can revoke the token to mitigate the vulnerability.
Leaking a RapidAPI access token in source code can cause severe security issues as it can give unauthorized access to RapidAPI resources, which can result in a data breach and financial loss. If an access token has been leaked, you can revoke your access token to mitigate the vulnerability.
Using a hardcoded RubyGems API key in the source code can pose a serious security risk as it may give unauthorized access to RubyGems resources, leading to a data breach and financial loss. If an API key has been leaked, you can revoke your API key to mitigate the vulnerability.
Leaking a Telegram Bot API token in source code can cause severe security issues as it can give access to the bot and its resources, leading to potential data breaches and unauthorized usage. It is crucial to ensure that API tokens are not hardcoded in the source code to mitigate these risks.
If a token has been leaked, it is recommended to revoke access to the bot to prevent any further unauthorized access.
Leaking a Travis CI API key in source code can lead to severe security breaches as it can provide access to Travis CI resources. This can result in unauthorized utilization of Travis CI resources, potentially leading to data breaches and financial loss.
Leaking private keys in the source code can have serious implications regarding the security of the application. An attacker can gain access to the sensitive data and use it to perform malicious activities. Private keys are meant to be kept secret and are used for encryption, decryption, and authentication purposes.
Leaking a Google Cloud Platform (GCP) API key in the source code can lead to unauthorized access to GCP services, which can result in financial loss and data breaches. Attackers can use this key to perform various malicious activities, such as accessing sensitive data, modifying cloud resources, and running unauthorized applications.
If an API key has been leaked, you can rotate your API keys to mitigate the vulnerability.
Leaking a Stripe access token in source code can cause severe security issues as it can give unauthorized access to payment processing and customer data, which can result in financial loss due to fraudulent activities and a breach of customer privacy.
If an access token has been leaked, you can rotate it in the Stripe dashboard.
Leaking a Slack access token in source code can cause severe security issues as it can give unauthorized access to Slack resources, which can result in a data breach and loss of sensitive information. If an access token has been leaked, you can rotate your access tokens to mitigate the vulnerability.
GitHub allows generating many types of tokens, like app tokens, OAuth tokens, Personal Access Tokens (PATs), fine-grained PATs, and refresh tokens. Leaking a GitHub token in source code can cause severe security issues as it can give unauthorized access to GitHub resources, which can result in a data breach and financial loss due to unauthorized utilization of GitHub resources.
GitLab allows generating multiple kinds of tokens like Personal Access Tokens (PATs), Pipeline Trigger Tokens (PTTs), and Runner Registration Tokens (RRTs). Leaking a GitLab token in source code can cause severe security issues as it can give unauthorized access to GitLab resources, which can result in a data breach and financial loss due to unauthorized utilization of GitLab resources. If a token has been leaked, you can revoke the token to mitigate the vulnerability.
Leaking an Atlassian API token in source code can cause severe security issues as it can give unauthorized access to Atlassian resources, which can result in a data breach and financial loss due to unauthorized utilization of Atlassian resources. If an API token has been leaked, you can revoke your API token to mitigate the vulnerability.