Check if secret scanning is enabled to detect sensitive data in the repository

repository_secret_scanning_enabled

Severity: high
Service: repository
by Prowler

Ensure that scanners are in place to detect and block sensitive data, such as confidential ID numbers, passwords, API keys and other credentials, before it is committed to the source code. This check verifies that secret scanning is enabled on the repository so that such data is flagged when it appears in the codebase.

Risk

If secret scanning is not enabled, sensitive data may be inadvertently committed to the repository, increasing the risk of data breaches and exploitation by attackers.

Run this check with Prowler CLI

prowler github --checks repository_secret_scanning_enabled

Recommendation

Enable secret scanning in the repository settings to automatically detect and prevent sensitive data from being committed to the codebase.
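The following Python snippet is an added example written for this page; it is not Prowler's implementation of the check. It shows the same assessment logic against the repository object that the GitHub REST API returns from GET /repos/{owner}/{repo}: the secret scanning state lives under the security_and_analysis.secret_scanning.status field, which GitHub only includes when the token used has admin rights on the repository. The sample responses are constructed inline, so the code runs offline; the repository names are placeholders. The remediation_payload function builds the body you would send with PATCH /repos/{owner}/{repo} to turn the setting on.

```python
"""Evaluate a repository's secret scanning setting and build the payload
that enables it. Added illustrative example; not Prowler's own code."""
import json

# Constructed samples of GET /repos/{owner}/{repo} responses, trimmed to the
# fields this check cares about. Repository names are placeholders.
SAMPLE_RESPONSES = {
    "acme/payments": json.dumps({
        "full_name": "acme/payments",
        "security_and_analysis": {"secret_scanning": {"status": "enabled"}},
    }),
    "acme/legacy-app": json.dumps({
        "full_name": "acme/legacy-app",
        "security_and_analysis": {"secret_scanning": {"status": "disabled"}},
    }),
    # Fetched with a token lacking admin permission: the block is absent.
    "acme/website": json.dumps({"full_name": "acme/website"}),
}


def secret_scanning_status(repo_json: str) -> str:
    """Return 'enabled', 'disabled', or 'unknown' when the field is not visible."""
    repo = json.loads(repo_json)
    block = repo.get("security_and_analysis") or {}
    scanning = block.get("secret_scanning") or {}
    return scanning.get("status", "unknown")


def evaluate(repo_name: str, repo_json: str) -> dict:
    """Produce a PASS/FAIL finding; only a confirmed 'enabled' passes."""
    status = secret_scanning_status(repo_json)
    if status == "enabled":
        return {
            "resource": repo_name,
            "status": "PASS",
            "status_extended": f"Repository {repo_name} has secret scanning enabled.",
        }
    if status == "disabled":
        return {
            "resource": repo_name,
            "status": "FAIL",
            "status_extended": f"Repository {repo_name} does not have secret scanning enabled.",
        }
    # Design choice for this example: an unreadable setting is reported as a
    # failure to review rather than silently passing.
    return {
        "resource": repo_name,
        "status": "FAIL",
        "status_extended": (
            f"Secret scanning status for {repo_name} could not be determined; "
            "the token may lack admin permission on the repository."
        ),
    }


def remediation_payload() -> dict:
    """Body for PATCH /repos/{owner}/{repo} that turns secret scanning on."""
    return {"security_and_analysis": {"secret_scanning": {"status": "enabled"}}}


def run() -> list:
    """Evaluate every constructed sample and return the findings in order."""
    return [evaluate(name, body) for name, body in SAMPLE_RESPONSES.items()]


if __name__ == "__main__":
    for finding in run():
        print(f"{finding['status']:4} {finding['resource']}: {finding['status_extended']}")
    print("Remediation body:", json.dumps(remediation_payload()))
```

Treating an unreadable setting as a failure is deliberate: a scan run with an under-privileged token would otherwise report every repository it cannot inspect as compliant. Note also that secret scanning alone is detective; on GitHub the preventive half of the recommendation is the separate push protection option, which this check does not evaluate.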

Resource Type

GitHubRepository
