Bearer v1.1.0
  • Join the Discord Community
  • Join us on GitHub
  • Get Started
  • Get Started

    • Quick Start
  • Guides

    • Using the GitHub action
    • Create a custom rule
  • Explanations

    • Scanner types
    • Report types
    • Sensitive data flow
  • Reference

    • Installation
    • Configuration
    • Commands
    • Rules
    • Data Types
    • Supported Languages
  • Contributing

    • Overview
    • Contribute code
    • Contribute documentation
    • Contribute new recipes
  • Reference
  • Rules

Hard-coded secret detected.

  • Rule ID: ruby_lang_hardcoded_secret
  • Languages: ruby
  • Source: hardcoded_secret.yml

Description

Applications should store secret values securely and not as literal values in the source code.

Remediations

✅ Retrieve secrets from a secure location at runtime

Resources

  • OWASP hardcoded passwords
  • OWASP secrets management cheat sheet

Associated CWE

  • CWE-798: Use of Hard-coded Credentials

OWASP Top 10

  • A07:2021 - Identification and Authentication Failures

On this page

Overview
  1. Description
  2. Remediations
  3. Resources
  4. Associated CWE
  5. OWASP Top 10

Contribute

  • Edit this page
  • Leave feedback