Detect hardcoded secrets in your Container Registries
Release Date: March 19, 2025
We are excited to introduce Secret detection for Container Registries, including:
Azure Container Registry
Amazon Elastic Container Registry
Google Artifact Registry
JFrog Artifactory
DockerHub
Secrets often end up in container images due to common mistakes during development and image creation, mainly:
- Hardcoding Secrets in Code: Developers may directly embed sensitive credentials, such as API keys or passwords, into application code, which gets packaged into container images.
- Misconfigured Dockerfiles: Commands like ENV or RUN in Dockerfiles can inadvertently expose sensitive data during the build process.
By identifying and addressing hardcoded credentials early in the development pipeline, this feature significantly minimizes the risk of security breaches, helping you prevent the unintended exposure of sensitive information before it even reaches production.
Check out our Blog Post to learn more!
Fixes
- Jira Cloud Issue Tracking Integration: Fixed an issue where Jira project keys were incorrectly changed during synchronization.