Repos hosted on GitHub and similar platforms often leak crypto secrets and API keys:
https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_04B-3_Meli_paper.pdf (PDF file)
– researchers scanned 13% of public GitHub repos
– 100,000 repos contained secrets; thousands of new secrets are leaked every day
– GitHub is developing "token scanning" to help remove secrets; however, dedicated scanners like TruffleHog are ineffective according to the paper
#github #gitlab #token #key #leak #infosec #cybersecurity #security #development #trufflehog