GitHub secret scanning disabled or bypassed
Description
AlphaSOC detected that GitHub secret scanning was either disabled or bypassed. This security feature scans repositories for sensitive information, such as API keys, passwords, and tokens, in code commits. When this feature is disabled or circumvented, repositories may be vulnerable to the accidental exposure of secrets through code commits.
Impact
Disabling or bypassing secret scanning increases the risk of exposing sensitive credentials and tokens. These secrets could potentially be discovered and exploited by threat actors to gain unauthorized access to systems, services, and data. This may lead to account compromises, data breaches, and service disruptions.
Severity
| Severity | Condition |
|---|---|
| Medium | GitHub secret scanning disabled or bypassed |
Investigation and Remediation
Review audit logs to identify who disabled secret scanning and when. If applicable, re-enable secret scanning on affected repositories and conduct a scan of repository history for any potentially exposed secrets. Consider rotating credentials or tokens that may have been exposed during the period when scanning was disabled. Review repository access permissions, and implement branch protection rules that require secret scanning. Educate developers on secure coding practices and proper secret management to prevent future occurrences.
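The first three remediation steps above (identify who disabled or bypassed scanning and when, scope the window of unscanned commits, and re-enable scanning) can be driven from a GitHub audit-log export. The script below is an added example, not AlphaSOC or GitHub code: it triages a constructed NDJSON audit-log sample, computes the per-repository exposure windows that bound the history scan and credential rotation, and builds the body for GitHub's "Update a repository" REST call that turns scanning back on. The audit-log action strings and the `@timestamp`/`actor`/`repo` field names are assumptions that should be checked against GitHub's audit-log reference for your plan.

```python
"""Triage GitHub audit-log events for secret-scanning disable/bypass activity
and scope the follow-up: who acted, when, which commits fall in the exposed
window, and which repositories still need scanning re-enabled.
Added example; not AlphaSOC or GitHub code."""
import json
from datetime import datetime, timezone

# ASSUMPTION: these action strings follow GitHub's audit-log naming; verify
# them against the audit-log reference for your plan before relying on them.
DISABLE_ACTIONS = {
    "repository_secret_scanning.disable",
    "repository_secret_scanning_push_protection.disable",
}
ENABLE_ACTIONS = {
    "repository_secret_scanning.enable",
    "repository_secret_scanning_push_protection.enable",
}
BYPASS_ACTIONS = {"secret_scanning_push_protection.bypass"}

# Constructed sample audit-log export (NDJSON, @timestamp in epoch milliseconds).
# Actors, repositories and times are made up for this example.
SAMPLE_AUDIT_LOG = """
{"@timestamp": 1717000000000, "action": "repo.create", "actor": "alice", "repo": "acme/payments"}
{"@timestamp": 1717003600000, "action": "repository_secret_scanning.disable", "actor": "bob", "repo": "acme/payments"}
{"@timestamp": 1717007200000, "action": "secret_scanning_push_protection.bypass", "actor": "carol", "repo": "acme/web"}
{"@timestamp": 1717010800000, "action": "repository_secret_scanning.enable", "actor": "alice", "repo": "acme/payments"}
{"@timestamp": 1717014400000, "action": "repository_secret_scanning.disable", "actor": "bob", "repo": "acme/infra"}
"""


def parse_events(ndjson):
    """Parse NDJSON audit-log lines into dicts, ordered oldest first."""
    events = [json.loads(line) for line in ndjson.splitlines() if line.strip()]
    events.sort(key=lambda e: e["@timestamp"])
    return events


def find_suspect_events(events):
    """List every disable or bypass event with actor, repo and time (epoch seconds)."""
    hits = []
    for ev in events:
        action = ev.get("action", "")
        if action in DISABLE_ACTIONS:
            kind = "disabled"
        elif action in BYPASS_ACTIONS:
            kind = "bypassed"
        else:
            continue
        hits.append({"repo": ev["repo"], "actor": ev["actor"], "action": action,
                     "kind": kind, "when": ev["@timestamp"] // 1000})
    return hits


def exposure_windows(events):
    """Per repository, the (start, end) epoch-second windows during which scanning
    was disabled. end is None when no later enable event exists: the repository
    is still unprotected and every commit since start is unscanned."""
    windows, open_start = {}, {}
    for ev in events:
        repo, ts, action = ev.get("repo"), ev["@timestamp"] // 1000, ev.get("action")
        if action in DISABLE_ACTIONS and repo not in open_start:
            open_start[repo] = ts
        elif action in ENABLE_ACTIONS and repo in open_start:
            windows.setdefault(repo, []).append((open_start.pop(repo), ts))
    for repo, start in open_start.items():
        windows.setdefault(repo, []).append((start, None))
    return windows


def still_disabled(windows):
    """Repositories with an open-ended window, i.e. scanning not yet re-enabled."""
    return sorted(r for r, spans in windows.items() if any(end is None for _, end in spans))


def reenable_request(repo):
    """Request for GitHub's 'Update a repository' endpoint (PATCH /repos/{owner}/{repo})
    that turns secret scanning and push protection back on."""
    return {
        "method": "PATCH",
        "path": f"/repos/{repo}",
        "body": {"security_and_analysis": {
            "secret_scanning": {"status": "enabled"},
            "secret_scanning_push_protection": {"status": "enabled"},
        }},
    }


def iso(ts):
    """Render epoch seconds as an ISO-8601 UTC timestamp for reporting."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()


if __name__ == "__main__":
    events = parse_events(SAMPLE_AUDIT_LOG)
    for hit in find_suspect_events(events):
        print(f"{iso(hit['when'])} {hit['repo']}: secret scanning {hit['kind']} "
              f"by {hit['actor']} ({hit['action']})")
    windows = exposure_windows(events)
    for repo, spans in windows.items():
        for start, end in spans:
            print(f"{repo}: scan commits from {iso(start)} to {iso(end) if end else 'now'}")
    for repo in still_disabled(windows):
        print("re-enable:", json.dumps(reenable_request(repo)))
```

The exposure window is the useful output for the remaining steps: commits pushed inside it were never scanned, so they are the range to run a history scan over, and any credential committed inside it is a rotation candidate. A bypass event opens no window, since scanning itself stayed on, but it still names the actor and push to review.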