Static analysis secrets scanning
Secrets scanning is disabled by default. To enable secrets scanning, use the options
-es,
--enableSecrets
or -so,
--secretsOnly
with appscan
prepare
or appscan.sh
prepare
.
AppScan on Cloud supports scanning of secrets for the following platforms and providers:
Provder/Platform | Secret |
---|---|
Alibaba Cloud | alibaba_cloud_access_key_id |
Alibaba Cloud | alibaba_cloud_access_key_secret |
AWS | aws_access_key_id |
AWS | aws_secret_access_key |
AWS | aws_session_token |
Atlassian | atlassian_api_token |
Atlassian | atlassian_jwt |
Azure | azure_cosmosdb_key_identifiable |
Azure | Azure CosmosDB connection string |
Azure | azure_devops_personal_access_token |
Azure | azure_sas_token |
Azure | azure_search_admin/query_key |
Azure | azure_sql_connection_string |
Azure | azure_storage_account_key |
Azure | Azure storage account connection string |
DataBricks | databricks_access_token |
GitHub | github_oauth_access_toke n |
GitHub | github_personal_access_token |
GitHub | github_refresh_token |
Google Cloud | google_api_key |
Google Cloud | google_cloud_private_key_id |
Open AI | openai_api_key |
Stripe | stripe_live_restricted_key |
Stripe | stripe_live_secret_key |
Stripe | stripe_test_restricted_key |
Stripe | stripe_test_secret_key |
mongodb | API authentication |
mongodb | Connection URL |
Jenkins | Jenkins password/passphrase |
credit card numbers | Credit card numbers |
Social Security Numbers (SSN) | Social Security Numbers |