The State of Secrets Sprawl on GitHub
How leaky can it Git

GITGUARDIAN STATE OF SECRETS SPRAWL ON GITHUB

Summary

Secrets Sprawl 4
Findings 7
Where leaks come from 10
Why 11
What type of secrets do we find 12
File extensions that cause data breaches 13
Pro bono alerting 16
What happens after a leak 17
Recommendations 20
To conclude 21

GitHub is more than ever "The Place to Be" for developers when it comes to innovating, collaborating and networking. This amazing "octoverse" gathers more than 50 million developers working on their personal and/or professional projects.

So when 60 million repositories are created in a year and nearly 2 billion contributions* are added, some mistakes can happen, such as leaked secrets, Intellectual Property or PII. Some companies may think: "I don't really care about public GitHub, we are not open sourcing our code, everything is stored on our private repositories." But what about the developers of these companies? They most likely have open source repositories and can leak secrets.

* State of the Octoverse 2020

Let's now focus on secrets. You would say that storing secrets in internal Version Control Systems is a very bad practice, but in fact it is much more frequent than you would think. But why is that?

API keys, database connection strings, private keys, certificates, usernames and passwords: as organizations move to cloud architectures, SaaS platforms and microservices, developers handle increasing amounts of sensitive information, more than ever before. To add to that, companies are pushing for shorter release cycles, developers have many technologies to master, and the complexity of enforcing good security practices increases with the size of the organization, the number of repositories, the numbe
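The secret types listed above are what a commit-level scanner looks for. The following added example, which is not GitGuardian's code, inspects only the added lines of a constructed git diff for private keys, database connection strings and high-entropy credential assignments; the regular expressions, the entropy threshold and the sample diff are assumptions made for illustration.

```python
import math
import re

# Regular expressions for the secret categories the report names. Constructed for
# this example; they are not GitGuardian's detection rules.
PATTERNS = {
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"),
    "db_connection_string": re.compile(
        r"\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?|redis)://[^\s:/]+:[^\s@]+@[^\s\"']+"
    ),
    "assigned_credential": re.compile(
        r"(?i)(?:api[_-]?key|secret|password|passwd|token)\s*[:=]\s*[\"']?([^\s\"']{8,})"
    ),
}

def shannon_entropy(s: str) -> float:
    """Bits per character; generated keys score far above words like 'changeme'."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def scan_diff(diff_text: str, min_entropy: float = 3.0):
    """Return (diff line number, category) for every added line that looks like a secret.

    Only '+' lines are inspected, so a commit that removes a secret is not flagged
    again; '+++' file headers are skipped. Assignments with a low-entropy value
    (placeholders such as 'changeme') are ignored to keep false positives down.
    """
    findings = []
    for line_no, line in enumerate(diff_text.splitlines(), 1):
        if not line.startswith("+") or line.startswith("+++"):
            continue
        for category, pattern in PATTERNS.items():
            m = pattern.search(line[1:])
            if m is None:
                continue
            if category == "assigned_credential" and shannon_entropy(m.group(1)) < min_entropy:
                continue
            findings.append((line_no, category))
    return findings

# Constructed diff: every credential below is fake and was made up for this example.
SAMPLE_DIFF = """\
--- a/config.py
+++ b/config.py
+DATABASE_URL = "postgres://app:S3cr3tPa55@db.internal.example:5432/prod"
+PASSWORD = "changeme"
+AWS_SECRET = "q7Hn2vLp9XzT4wKe8RmB1yCj"
-OLD_TOKEN = "abcd1234efgh5678"
+KEY_PEM = "-----BEGIN RSA PRIVATE KEY-----"
"""

if __name__ == "__main__":
    for line_no, category in scan_diff(SAMPLE_DIFF):
        print(f"line {line_no}: possible {category}")
```

Running it reports lines 3, 5 and 7 while the placeholder password and the removed token line stay silent, which is the behaviour a pre-commit or pre-receive hook built on this logic would rely on.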