Hard-coded secrets up 67% as secrets sprawl threatens software supply chain
The number of detected hard-coded secrets increased by 67% last year compared to 2021, with 10 million new secrets discovered in public GitHub commits in 2022. That’s according to GitGuardian’s State of Secrets Sprawl 2023 report. It found that hard-coded secrets and accelerating secrets sprawl (storing secrets in many different places) are threatening the security of software supply chains.
Hard-coded secrets pose significant security risks because they are often stored in plain text, making it easier for attackers to extract them from source code. They can also be inadvertently disclosed or exposed through other security vulnerabilities like code injection or data leaks.