This article will expose how our algorithms detect secrets and what we have learnt from scanning, literally, billions of commits.

Mackenzie Jackson

18 Dec 2020 – 9 min read

Secrets including API tokens, passwords and credentials are the keys to the kingdom. Yet storing secrets inside git including GitHub & GitLab is a problem. Security experts discuss why this is & how to solve this.

Mackenzie Jackson

17 Nov 2020 – 11 min read

This article looks at how SAP built an internal secrets scanning solution to detect API keys and other credentials hardcoded in git repos and revoke them.

Mackenzie Jackson

8 Oct 2020 – 10 min read

Despite secrets like API keys, OAuth tokens, certificates and passwords being extremely sensitive, it is common for these to leak into git repositories through source code. This article looks at why this is true and how we can prevent it.

Mackenzie Jackson

4 Sep 2020 – 6 min read

Credential theft is already a well-known adversary technique but the risk expands much wider when introducing secrets such as API keys. This article looks at automated secrets detection, the challenges, and potential solutions.

Mackenzie Jackson

28 Aug 2020 – 3 min read

The first in a series of articles that will take a deep dive into secrets within source code: In this article, we will look at the concept of secret sprawl, the unwanted distribution of secrets through multiple systems, and how we can prevent it.

Mackenzie Jackson

24 Jul 2020 – 6 min read

An in depth guide intended for CISOs, application security and other security professionals who want to protect their organizations from credentials leaked on GitHub.

Jérémy Thomas

20 May 2020 – 8 min read

Why precision and recall are such important metrics to consider when evaluating the performance of classification algorithms such as secrets detection.

Mackenzie Jackson

6 May 2020 – 6 min read

November 2018: Here is what we've learned, achieved, and what's coming next.

Jérémy Thomas

8 Nov 2018 – 3 min read