Skip to main content

Detect hardcoded secrets in your Container Registries

calendar icon   Release Date: March 19, 2025

Container Registries Thumbnail

We are excited to introduce Secret detection for Container Registries, including:

  • microsoft-azure-container-registry Azure Container Registry
  • amazon-ecr Amazon Elastic Container Registry
  • google-artifact-registry Google Artifact Registry
  • jfrog JFrog Artifactory
  • dockerhub DockerHub

Secrets often end up in container images due to common mistakes during development and image creation, mainly:

  • Hardcoding Secrets in Code: Developers may directly embed sensitive credentials, such as API keys or passwords, into application code, which gets packaged into container images.
  • Misconfigured Dockerfiles: Commands like ENV or RUN in Dockerfiles can inadvertently expose sensitive data during the build process.

By identifying and addressing hardcoded credentials early in the development pipeline, this feature significantly minimizes the risk of security breaches, helping you prevent the unintended exposure of sensitive information before it even reaches production.

Container Registries Dashboard

Check out our Blog Post to learn more!


Fixes

  • Jira Cloud Issue Tracking Integration: Fixed an issue where Jira project keys were incorrectly changed during synchronization.