
"Security engineer Luke Marshall analyzed more than 5.6 million public GitLab Cloud repositories for exposed secrets in a large-scale investigation. Using TruffleHog, he identified 17,430 still-valid credentials spread across more than 2,800 organizations. The investigation built on an earlier scan of Bitbucket, where significantly fewer secrets were found despite the lower number of repositories. Marshall thus shows that GitLab contains a higher concentration of leaked data and that this problem is structural within development platforms."
"To systematically search the entire GitLab environment, Marshall used the public GitLab API and a Python script that retrieved all projects via pagination. The list of 5.6 million unique repositories was then processed via AWS Simple Queue Service. An AWS Lambda function took each repository from the queue, performed a TruffleHog scan, and recorded the results. He describes that each Lambda call performed a simple scan with a set concurrency of a thousand processes."
"The results show a clear pattern. GitLab contains nearly three times as many working secrets as Bitbucket and also has a 35 percent higher density of leaked data per repository. Most of the exposed credentials date from after 2018, but Marshall also discovered keys from 2009 that were still usable. This points to long-standing credentials that were once stored in earlier version control systems and were migrated along with them."
A scan of 5.6 million public GitLab repositories found 17,430 still-valid credentials across more than 2,800 organizations. The search used the public GitLab API, pagination, AWS SQS, and AWS Lambda running TruffleHog, finishing in just over 24 hours at about $770. GitLab contains nearly three times as many working secrets as Bitbucket and a 35% higher density of leaked data per repository. Most exposed credentials date after 2018, but usable keys from 2009 were also present, indicating migrated legacy secrets. Many leaked items were cloud and service access keys, including over 5,000 Google Cloud keys, MongoDB keys, Telegram tokens, OpenAI keys, and more. Over 400 GitLab tokens were found, illustrating platform locality.
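The pipeline described above (paginate the GitLab projects API, scan each repository with TruffleHog, record the verified hits) reduces to two pieces of logic worth seeing in code: following keyset pagination until the `rel="next"` link disappears, and tallying only `Verified` findings per detector and per namespace so the "working secrets" and "density per organization" figures can be reproduced for your own GitLab group. This is an added example, not Marshall's script or TruffleHog's code; the `gitlab.example` URLs, the project list and the finding lines are constructed, and the finding field names assume TruffleHog's `--json` output format.

```python
import json
import re
from collections import Counter
from typing import Callable, Dict, Iterator, List, Tuple
# GitLab v4 keyset pagination: each response carries a Link header whose
# rel="next" URL holds the cursor for the following page; no header, no more pages.
NEXT_LINK = re.compile(r'<([^>]+)>;\s*rel="next"')
Fetch = Callable[[str], Tuple[List[dict], Dict[str, str]]]  # url -> (json body, headers)

def iter_projects(first_url: str, fetch: Fetch) -> Iterator[dict]:
    """Walk every page of /projects, following rel="next" until it is absent."""
    url = first_url
    while url:
        body, headers = fetch(url)
        yield from body
        match = NEXT_LINK.search(headers.get("Link", ""))
        url = match.group(1) if match else None

def tally_verified(ndjson_lines: List[str]) -> Tuple[Counter, Counter]:
    """Count findings with Verified=true per detector and per namespace.
    Field names follow TruffleHog's --json output (assumption, not from the page)."""
    by_detector, by_namespace = Counter(), Counter()
    for finding in (json.loads(l) for l in ndjson_lines if l.strip()):
        if not finding.get("Verified"):
            continue  # unverified matches are not "working secrets"
        repo = finding["SourceMetadata"]["Data"]["Git"]["repository"]
        by_detector[finding["DetectorName"]] += 1
        by_namespace[repo.rstrip("/").split("/")[-2]] += 1  # https://host/<ns>/<proj>.git
    return by_detector, by_namespace
# Constructed sample data so the example runs with no network access.
BASE = "https://gitlab.example/api/v4/projects?pagination=keyset&per_page=2"
PAGES = {
    BASE: ([{"id": 1, "path_with_namespace": "acme/api"}, {"id": 2, "path_with_namespace": "acme/web"}],
           {"Link": f'<{BASE}&id_after=2>; rel="next"'}),
    BASE + "&id_after=2": ([{"id": 3, "path_with_namespace": "beta/tools"}], {}),
}
def _finding(detector, verified, repo):
    return json.dumps({"DetectorName": detector, "Verified": verified,
                       "SourceMetadata": {"Data": {"Git": {"repository": repo}}}})
FINDINGS = [_finding("GCP", True, "https://gitlab.example/acme/api.git"),
            _finding("AWS", False, "https://gitlab.example/acme/web.git"),
            _finding("GCP", True, "https://gitlab.example/beta/tools.git"),
            _finding("MongoDB", True, "https://gitlab.example/acme/api.git")]

def run_demo() -> Tuple[List[str], Counter, Counter]:
    projects = [p["path_with_namespace"] for p in iter_projects(BASE, PAGES.__getitem__)]
    return (projects,) + tally_verified(FINDINGS)
if __name__ == "__main__":
    print(run_demo())
```

In a real audit `fetch` would wrap an authenticated HTTP call against your own group's `/groups/:id/projects` endpoint, and `FINDINGS` would be the NDJSON that `trufflehog git <url> --json --only-verified` writes for each repository.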
Read at Techzine Global