Sqreen Token

Description

General

• Documentation: https://docs.sqreen.com/
• Summary: Sqreen is an application security management software that enables to protect applications, microservices, and APIs from malicious attacks. It exposes its services via an API.
• IPs allowlist: This feature is not mentioned in the documentation.
• Scopes: Sqreen allows to create one token per environment in which applications are deployed.

Revoke the secret

Secrets can be revoked and regenerated from the developer's dashboard.

Check for suspicious activity

Sqreen does not provide an exhaustive log of all API calls. But slack integration or the use of webhooks can give hints about suspicious usage of credentials.

Details for Sqreen Token

• Family: token

• Category: code_analysis

• Company: Sqreen

• High recall: True

• Validity check available: False

• Analyzer available: False

• Minimum number of matches: 1

• Occurrences found for one million commits: 0.04

• Prefixed: True

• PreValidators:

- type: ContentWhitelistPreValidator
  patterns:
    - org_

Examples

- text: |
    sh > sqreen-install.sh && bash sqreen-install.sh 'org_8bdf8d8bcabfbe20ded38b10a07510b2b6dd9ac5786467c6a2fdf88193e9' '${SQREEN_APP_NAME}'
    RUN sqreen-installer config
  apikey: org_8bdf8d8bcabfbe20ded38b10a07510b2b6dd9ac5786467c6a2fdf88193e9

# Fat-fingered secret
- text: Xorg_8bdf8d8bcabfbe20ded38b10a07510b2b6dd9ac5786467c6a2fdf88193e9
  apikey: org_8bdf8d8bcabfbe20ded38b10a07510b2b6dd9ac5786467c6a2fdf88193e9