Secrets #13
Secrets #13
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| access_key = "AKIAIOSFODNN7EXAMPLE" | ||
| secret_key = "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" No newline at end of file |
Check failure
Code scanning / checkov
AWS Access Keys
![prisma-cloud-devsecops[bot]](https://avatars.githubusercontent.com/in/135857?s=60&v=4){kind=small}
| @@ -0,0 +1,3 @@ | |||
| provider "aws" { | |||
| access_key = "AKIAIOSFODNN7EXAMPLE" | |||
There was a problem hiding this comment.
AWS Access Keys
Resource: 25910f981e85ca04baf359199dd0bd4a3ae738b6 | Bridgecrew ID: 807098694255043584_GIT_1682561894307 | Checkov ID: CKV_SECRET_2
Description
https://docs.bridgecrew.io/docs/git_secrets_2| @@ -0,0 +1,3 @@ | |||
| provider "aws" { | |||
| access_key = "AKIAIOSFODNN7EXAMPLE" | |||
| secret_key = "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" No newline at end of file | |||
There was a problem hiding this comment.
Base64 High Entropy Strings
Resource: c00f1a6e4b20aa64691d50781b810756d6254b8e | Bridgecrew ID: BC_GIT_6 | Checkov ID: CKV_SECRET_6
Description
Entropy checks help detect unstructured secrets by measuring the entropy level of a single string. Entropy is a concept used to assign a numerical score to how unpredictable a password is or the likelihood of highly random data in a string of characters. Strings with a high entropy score are flagged as suspected secrets.| password=sdlhf9wy23rr7843y65 | ||
|
|
||
| const CIRCLE_CI = "2065ae463be5e534bb1d074a366d44e7a776d472" | ||
| const JIRA = "5FP0NmFYz81U32XdjNb42762" |
There was a problem hiding this comment.
Atlassian Oauth2 Keys
Resource: ca5a7a58eecd8ca88771b5c8d82ea36e1560a968 | Bridgecrew ID: BC_GIT_25 | Checkov ID: CKV_SECRET_25
Description
OAuth is an authorization protocol that contains an authentication step. OAuth allows a user (resource owner) to grant a third-party application (consumer/client) access to their information on another site (resource). This process is commonly known as the OAuth dance. Jira uses 3-legged OAuth (3LO), which means that the user is involved by authorizing access to their data on the resource (as opposed to 2-legged OAuth, where the user is not involved).In Jira, a client is authenticated as the user involved in the OAuth dance and is authorized to have read and write access as that user. The data that can be retrieved and changed by the client is controlled by the user's permissions in Jira.
The authorization process works by getting the resource owner to grant access to their information on the resource by authorizing a request token. This request token is used by the consumer to obtain an access token from the resource. Once the client has an access token, it can use the access token to make authenticated requests to the resource until the token expires or is revoked.
| user Admin=Admin | ||
| password=sdlhf9wy23rr7843y65 | ||
|
|
||
| const CIRCLE_CI = "2065ae463be5e534bb1d074a366d44e7a776d472" |
There was a problem hiding this comment.
CircleCI Personal Token (Invalid)
Resource: dc2d287afbb58f52653293de4a2d49cbf3d9c293 | Bridgecrew ID: BC_GIT_29 | Checkov ID: CKV_SECRET_29
Description
To use the CircleCI API or view details about your pipelines, you will need API tokens with the appropriate permissions. This document describes the types of API tokens available, as well as how to create and delete them.There are two types of API token you can create within CircleCI.
Personal: These tokens are used to interact with the CircleCI API and grant full read and write permissions.
Project: These tokens allow you to read/write information for specific projects. Project tokens have three scope options: Status, Read Only, and Admin. - Status tokens grant read access to the project’s build statuses. Useful for embedding status badges. - Read Only tokens grant read only access to the project’s API. - Admin tokens grant read and write access for the project’s API.
No description provided.