Secret found in a GitHub repository

ID: github_secret_scanning_alert
Data type: GitHub
Severity: Medium
MITRE ATT&CK: TA0006:T1552.001

Description

AlphaSOC detected an exposed secret in a GitHub repository. Secrets include sensitive information such as API keys, passwords, tokens, and certificates that may be used in GitHub Actions workflows or embedded in application code.

Impact

Exposed secrets enable unauthorized access to systems, data, and services. If discovered, these credentials could be used by threat actors to move laterally through networks, escalate privileges, or exfiltrate data. Compromised secrets may lead to data breaches, service disruptions, and compliance violations depending on the type and scope of the exposed secret.

Severity

| Severity | Condition |
| --- | --- |
| Medium | Secret found in a GitHub repository |

Investigation and Remediation

Immediately revoke and rotate any exposed secrets. Remove them from the GitHub repository and Git history using appropriate tools. Review repository access logs to identify any potential unauthorized usage of the credentials. Consider enabling branch protection rules and required reviews to prevent future exposures. Implement GitHub secrets management features to securely store sensitive values.
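
One way to confirm that a history cleanup actually removed the value, as an added example that is not AlphaSOC or GitHub code: the script lists every commit reachable from any ref whose tree still contains the leaked string. The function names, the demo repository and the placeholder value `EXAMPLE-CONSTRUCTED-VALUE-0000` are assumptions constructed for this illustration.

```bash
#!/bin/sh
# Added example. Shows that deleting a file in a follow-up commit leaves the
# secret in earlier commits, and gives a check to run after a history rewrite.

# commits_containing_secret REPO PATTERN_FILE
# PATTERN_FILE: absolute path, one literal value per line. Reading the value
# from a file keeps it out of argv and shell history.
# Prints one commit hash per line; prints nothing when history is clean.
commits_containing_secret() {
    ccs_repo=$1
    ccs_patterns=$2
    [ -s "$ccs_patterns" ] || { echo "empty pattern file" >&2; return 2; }
    git -C "$ccs_repo" rev-list --all | while read -r ccs_commit; do
        # -q: exit status only, -F: literal match, -f: patterns from file
        if git -C "$ccs_repo" grep -q -F -f "$ccs_patterns" "$ccs_commit" --; then
            echo "$ccs_commit"
        fi
    done
}

# Build a throwaway repo in which a constructed placeholder value is committed
# and then deleted by a later commit. Prints the repo path.
make_demo_repo() {
    demo_dir=$(mktemp -d) || return 1
    (
        cd "$demo_dir" || exit 1
        git init -q .
        git config user.name demo
        git config user.email demo@example.invalid
        git config commit.gpgsign false
        echo 'API_KEY=EXAMPLE-CONSTRUCTED-VALUE-0000' > .env
        git add .env && git commit -q -m "add config"
        git rm -q .env && git commit -q -m "remove leaked key"
    ) >/dev/null 2>&1 || return 1
    echo "$demo_dir"
}
```

The check covers only commits reachable from refs in the clone it runs against; other clones and forks keep their own copies of the history, which is why revocation and rotation come first.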

Further Reading