THE STATE OF SECRETS SPRAWL

The growing problem of secrets sprawling in corporate repositories can only be solved by enabling collaboration between AppSec and Developers.

[Figure: Occurrences of secrets detected per AppSec engineer in 2021]

GitGuardian State of Secrets Sprawl

Ransomware and other large-scale cyberattacks (SolarWinds, Colonial Pipeline) and vulnerabilities (Log4Shell) have made headlines around the world. Software supply chain attacks have exploded in number, which comes as no surprise given the plethora of vulnerabilities and misconfigurations found across software development environments. Unsurprisingly, many attacks start with the compromise of a leaked secret.

Credentials are a nightmare for security engineers because they can end up in so many places: build, monitoring, or runtime logs, stack traces, and git history. Our data show that the number of publicly exposed secrets on GitHub has more than doubled since 2020. The problem is not bound to this particular platform, as our Docker Hub analysis reveals.

In 2020, GitGuardian also started monitoring private repositories, which granted us a unique insight into what really happens behind the scenes. The data reveal that in 2021, a typical company with 400 developers would discover, on average, 1,050 unique secrets leaked upon scanning its repositories and commits. With each secret detected in 13 different places on average, the amount of work required for remediation far exceeds current AppSec capabilities: with a security-to-developers ratio of 1:100*, one AppSec engineer needs to handle 3,413 secret occurrences on average (1,050 unique secrets × 13 occurrences each ≈ 13,650 occurrences, spread over a four-person AppSec team). This reinforced our view that the only way to address the challenge of secrets sprawling within corporate repositories is to enable a shared responsibility between AppSec and Devs. It's safe to say that
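The figures above rest on a distinction that is easy to lose in practice: a unique secret versus the number of places it occurs, since the same credential copied into a commit, a later commit that "removed" it, a build log and a stack trace is one secret with four remediation sites. The following Python scanner is an added example, not code from the GitGuardian report or its tooling. It detects credential-shaped strings in a few constructed artifacts, groups occurrences by unique secret value, and then applies the report's own ratios (1,050 unique secrets, 13 occurrences each, 400 developers, 1 AppSec per 100 developers) to derive the per-engineer workload. The detector patterns, the entropy threshold and all sample artifacts are assumptions made for this illustration; the AWS key pair used is AWS's published documentation placeholder.

```python
"""Added example, not code from the GitGuardian report: a minimal secrets
scanner that counts unique secrets separately from their occurrences across
the artifact types the report lists (git history, build logs, stack traces),
then derives the per-AppSec-engineer remediation load from the report's ratios.
Detector patterns, thresholds and all sample artifacts are constructed."""
import math
import re
from collections import Counter, defaultdict

# Detector 1: AWS access key ID shape (AKIA followed by 16 upper-case alphanumerics).
AWS_KEY_ID = re.compile(r"\b(AKIA[0-9A-Z]{16})\b")
# Detector 2: a credential-like identifier assigned a long token. Deliberately
# loose; the entropy filter below trims placeholder false positives.
ASSIGNMENT = re.compile(
    r"(?i)(?:api[_-]?key|secret|token|password|passwd)\w*\s*[:=]\s*"
    r"['\"]?([A-Za-z0-9_\-/+=]{16,})"
)
ENTROPY_THRESHOLD = 3.5  # bits per char; assumption, rejects "aaaa..." style values


def shannon_entropy(value: str) -> float:
    """Bits per character; 0.0 for a string made of one repeated character."""
    n = len(value)
    return -sum((c / n) * math.log2(c / n) for c in Counter(value).values())


def find_secrets(text: str) -> set:
    """Return the distinct secret values detected in one artifact."""
    found = set(AWS_KEY_ID.findall(text))
    for value in ASSIGNMENT.findall(text):
        if shannon_entropy(value) >= ENTROPY_THRESHOLD:
            found.add(value)
    return found


def count_occurrences(artifacts):
    """artifacts: iterable of (location, text). Returns {secret: [locations]}.

    The same secret string reported from three locations is one unique secret
    with three occurrences; remediation effort scales with the occurrences."""
    occurrences = defaultdict(list)
    for location, text in artifacts:
        for secret in find_secrets(text):
            occurrences[secret].append(location)
    return dict(occurrences)


def summarize(artifacts) -> dict:
    """Unique-secret and occurrence totals for a set of artifacts."""
    occ = count_occurrences(artifacts)
    total = sum(len(locs) for locs in occ.values())
    return {
        "unique_secrets": len(occ),
        "occurrences": total,
        "avg_occurrences_per_secret": total / len(occ) if occ else 0.0,
    }


def workload_per_appsec(unique_secrets: int, avg_occurrences: float,
                        developers: int, appsec_ratio: int = 100) -> int:
    """Occurrences each AppSec engineer must triage, assuming one engineer
    per `appsec_ratio` developers (the report uses 1:100)."""
    engineers = max(1, developers / appsec_ratio)
    return math.ceil(unique_secrets * avg_occurrences / engineers)


# Constructed sample artifacts. The AWS key pair is AWS's documentation
# placeholder; the remaining tokens are invented for this example.
SAMPLE_ARTIFACTS = [
    ("git:commit a1b2c3:config/settings.py",
     'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'
     'AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"'),
    ("git:commit d4e5f6:config/settings.py",
     'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"  # "deleted" in HEAD, still in history'),
    ("ci:build-4711.log",
     "[upload] using access key AKIAIOSFODNN7EXAMPLE for s3://releases"),
    ("runtime:stacktrace-2021-11-03.txt",
     'File "client.py", line 12, in <module>\n'
     '    Client(api_key="sk_live_9Xq2mVtR7LpW4bZc8HnJ3yKd")'),
    ("git:commit 00ff11:README.md",
     'password = "changeme"\nTOKEN = "aaaaaaaaaaaaaaaaaaaaaaaa"'),
]

if __name__ == "__main__":
    for secret, where in count_occurrences(SAMPLE_ARTIFACTS).items():
        print(f"{secret[:8]}... seen in {len(where)} place(s): {where}")
    print(summarize(SAMPLE_ARTIFACTS))
    # The report's own numbers: 1,050 unique secrets, 13 places each, 400 devs, 1:100
    print("occurrences per AppSec engineer:", workload_per_appsec(1050, 13, 400))
```

On the sample data the AWS access key ID is found in three places (two commits and a build log) but counted once as a unique secret; the placeholder values `changeme` and the repeated-character token are filtered out by the length and entropy checks. Fed the report's aggregate figures, `workload_per_appsec` reproduces the 3,413 occurrences per engineer quoted above. A real scanner would add many more detectors and a validity check against the provider's API, but the unique-versus-occurrence accounting is the part that determines remediation effort.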