Hard-coded secret detected.
- Rule ID: gitleaks
- Source: N/A
Description
Hard-coding secrets in a project opens them up to leakage. This rule checks for common secret types such as keys, tokens, and passwords using the popular Gitleaks library and ensures they aren't hard-coded. This rule is part of the secrets scanner and is language agnostic.
Remediations
Do not hard-code secrets in committed code. Instead, use environment variables and a secret management system.
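As an added illustration (not Bearer's or Gitleaks' own code), the following Python sketch shows the pattern this rule flags next to the remediated environment-variable pattern, plus a deliberately simplified keyword-based check in the spirit of what the secrets scanner does. The `find_hardcoded_secrets` and `load_secret` helpers, the sample snippets and every value in them are constructed assumptions.

```python
import os
import re
from typing import Optional

# Simplified heuristic (not Gitleaks' rule set): flag assignments where a
# secret-looking identifier (key, token, password, secret) gets a string literal.
SECRET_ASSIGNMENT = re.compile(
    r"""(?i)\b(?P<name>[a-z0-9_]*(?:api_?key|secret|token|password|passwd)[a-z0-9_]*)
        \s*[:=]\s*["'](?P<value>[^"']{8,})["']""",
    re.VERBOSE,
)

# Values that are templated or obvious placeholders are not real secrets; skip them.
PLACEHOLDER = re.compile(r"^\s*(\$\{.*\}|<.*>|changeme|example|xxx+)\s*$", re.IGNORECASE)


def find_hardcoded_secrets(source: str) -> list[tuple[int, str]]:
    """Return (line number, identifier) for each suspected hard-coded secret."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        m = SECRET_ASSIGNMENT.search(line)
        if m and not PLACEHOLDER.match(m.group("value")):
            findings.append((lineno, m.group("name")))
    return findings


def load_secret(name: str, env: Optional[dict] = None) -> str:
    """Remediated pattern: read the secret from the environment and fail closed."""
    env = os.environ if env is None else env
    value = env.get(name)
    if not value:
        raise RuntimeError(f"required secret {name} is not set in the environment")
    return value


# Constructed samples: BEFORE hard-codes a key (placeholder, not a real credential);
# AFTER reads it from the environment as the remediation recommends.
BEFORE = '''
import requests
API_KEY = "hardcoded-example-value-0123456789"
resp = requests.get(URL, headers={"Authorization": API_KEY})
'''

AFTER = '''
import os
API_KEY = os.environ["API_KEY"]
resp = requests.get(URL, headers={"Authorization": API_KEY})
'''

if __name__ == "__main__":
    print(find_hardcoded_secrets(BEFORE))  # [(3, 'API_KEY')]
    print(find_hardcoded_secrets(AFTER))   # []
    print(load_secret("API_KEY", {"API_KEY": "from-env"}))
```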
Resources
Associated CWE
OWASP Top 10
Configuration
This is a built-in rule that represents findings from the secrets scanner.
To enable it during a scan, use the following flag:
bearer scan /path/to/your-project/ --scanner=secrets,sast