In the event of a source-code disclosure via a file read vulnerability, accidental commit, etc., hard-coded secrets may be exposed to an attacker. This may result in database access, cookie forgery, and other issues. This rule detects missing hard-coded secrets by checking the prod configuration.
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-798: Use of Hard-coded Credentials
OWASP:
- A05:2021 - Security Misconfiguration