When analyzing your code with NG SAST, your results will include Secrets, or hard-coded values (e.g., client Secrets, username/password combinations) and sensitive information (e.g., phone numbers and addresses), along with any other vulnerabilities identified.
Scanning for Secrets
By default, ShiftLeft looks for Secrets, though you may modify the NG SAST configuration file to change ShiftLeft's default behavior.
NG SAST also scans all
*.properties files included for the presence of Secrets.
Viewing Your Results
All of the Secrets that ShiftLeft identifies as being present in your application will appear in the Vulnerabilities Dashboard.
To access your results:
- Log in to the ShiftLeft Dashboard and select the appropriate organization.
- In the list of Applications, find the one in which you're interested and click to open.
You will see a summary page of all vulnerabilities identified by ShiftLeft, including Secrets.
Clicking on the Secrets Detected box will display a full list of Secrets ShiftLeft identified: