How secret scanning helps fight secret sprawl
Learn about the best secret scanning solutions and how they help protect against breaches due to secret sprawl.
Secrets scanning is a process that allows you to find and identify secrets and other sensitive data hidden in source code or other locations such as documentation. Having the ability to scan for secrets and other sensitive data will:
Help protect your customers' data
Limit the potential for breaches due to leaked credentials
Set your company's reputation as one that prioritizes security
Some things to look for in a secret scanning product:
Relevance of data sources
Minimal false positives
Remediation workflows
Secrets leakage preventionAbility to prevent secrets from leaking in the first place
Checking whether secrets are in use / active
Can check multiple sources such as GitHub, Jira, ADO, GitLab, Bitbucket, and Terraform
Watch HashiCorp Co-founder and CTO Armon Dadgar cover the topic of secret scanning, and it's ability to mitigate secret sprawl in this whiteboard overview.
» Video chapters
0:00 Secrets scanning and introduction
0:30 What is a secret?
1:44 Risk of secrets sprawl
2:00 Sensitive data & how it's different than a secret?
4:15 Where secrets are commonly distributed
5:30 Where should secrets live?
6:40 HCP Vault Radar introduction
7:40 Secrets inventory and unmanaged secrets
9:20 Risk of false positives
10:00 Can we invalidate or validate scan findings?
11:00 Prioritizing scan findings
14:00 Why scanning needs to be a continuous process?