Detect hardcoded secrets in your Container Registries
Release Date: March 19, 2025
We are excited to introduce Secret detection for Container Registries, including:
Azure Container Registry
Amazon Elastic Container Registry
Google Artifact Registry
JFrog Artifactory
DockerHub
Secrets often end up in container images due to common mistakes during development and image creation, mainly:
- Hardcoding Secrets in Code: Developers may directly embed sensitive credentials, such as API keys or passwords, into application code, which gets packaged into container images.
- Misconfigured Dockerfiles: Commands like ENV or RUN in Dockerfiles can inadvertently expose sensitive data during the build process.
By identifying and addressing hardcoded credentials early in the development pipeline, this feature significantly minimizes the risk of security breaches, helping you prevent the unintended exposure of sensitive information before it even reaches production.
Check out our Blog Post to learn more!
Secrets Detection Engine (v2.134)
Bringing enhanced accuracy and broader coverage:
New Detectors
- Azure Logic App Shared Access Signature – New detector for Azure Logic App Shared Access Signature.
Detector Improvements
- LINE Messaging OAuth2 – Removed false positives from the LINE Messaging OAuth2 detector.
- OpenAI API Key – Fixed a bug in the analyzer for OpenAI API Key that prevented it from reporting threads:* scopes.
Detector changes
- FCM API Key – Removed FCM API Key checker since its API was removed.
Miscellaneous
- Add User Agent
GitGuardianin HTTPClient class used by analyzers.
Fixes
- Jira Cloud Issue Tracking Integration: Fixed an issue where Jira project keys were incorrectly changed during synchronization.
