Secrets

When you analyze your code with NG SAST, the results include Secrets: hard-coded values (e.g., client secrets, username/password combinations) and sensitive information (e.g., phone numbers and addresses). These are reported along with any other vulnerabilities identified.

Scanning for Secrets

Before proceeding, please ensure that you have set up and authenticated with ShiftLeft. Then, analyze your application to obtain information about any Secrets that are present in it.

By default, ShiftLeft looks for Secrets, though you may modify the NG SAST configuration file to change ShiftLeft's default behavior.

NG SAST also scans all *.properties files included for the presence of Secrets.
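To illustrate the kind of hard-coded value a `*.properties` scan is meant to surface, here is an added example that is not ShiftLeft's code and does not reflect NG SAST's actual detection logic. The sample file, the key-name hints and the function names are all assumptions made for this sketch; it flags sensitive-looking keys that hold literal values and skips values injected through `${...}` placeholders.

```python
import math
import re

# Constructed sample, not taken from any real application.
SAMPLE_PROPERTIES = """\
# database settings
db.url=jdbc:postgresql://db.internal.example:5432/app
db.username=app_user
db.password=Sup3rS3cret!Pass
oauth.client.secret = 9f8a7b6c5d4e3f2a1b0c9d8e7f6a5b4c
api.token=${API_TOKEN}
smtp.password=
support.phone=+1-555-0100
"""

# Key-name hints are an assumption for this sketch, not ShiftLeft's rule set.
SENSITIVE_KEY = re.compile(r"(password|passwd|secret|token|api[._-]?key)", re.I)
PLACEHOLDER = re.compile(r"^\$\{[^}]+\}$")   # value supplied at deploy time
PROPERTY = re.compile(r"([^=:\s]+)\s*[=:]\s*(.*)")


def shannon_entropy(value):
    """Bits per character; random-looking tokens score higher."""
    if not value:
        return 0.0
    total = len(value)
    return -sum((value.count(c) / total) * math.log2(value.count(c) / total)
                for c in set(value))


def find_hardcoded_secrets(text):
    """Return (line_no, key, entropy) for sensitive keys with literal values.

    The value itself is deliberately left out of the finding so that a
    report built from it does not copy the secret somewhere else.
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#!":        # blank line or comment
            continue
        match = PROPERTY.match(line)
        if not match:
            continue
        key, value = match.group(1), match.group(2).strip()
        if not SENSITIVE_KEY.search(key):
            continue
        if not value or PLACEHOLDER.match(value):  # empty or externalized
            continue
        findings.append((line_no, key, round(shannon_entropy(value), 2)))
    return findings
```

In the constructed sample, `api.token=${API_TOKEN}` is the externalized form that keeps the value out of the repository, while `db.password` and `oauth.client.secret` are the hard-coded form a secrets scan reports.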

Viewing Your Results

All of the Secrets that ShiftLeft identifies as being present in your application will appear in the Vulnerabilities Dashboard.

To access your results:

  1. Log in to the ShiftLeft Dashboard and select the appropriate organization.
  2. In the list of Applications, find the one in which you're interested and click to open.

You will see a summary page of all vulnerabilities identified by ShiftLeft, including Secrets.

Vulnerabilities Dashboard Indicating Secrets Detected

Clicking on the Secrets Detected box will display a full list of Secrets ShiftLeft identified:

List of Identified Secrets in ShiftLeft's Dashboard