The State of Secrets Sprawl 2023

For the third year running, GitGuardian presents its State of Secrets Sprawl report, the most extensive analysis of secrets exposed on GitHub and beyond.

Their team of experts scanned and analyzed 1.027B new commits in 2022 (+20% compared to 2021) to uncover the latest trends and identify the most pressing challenges facing developers today.

The main question they seek to answer each year is, "How many new secrets were exposed on GitHub in the preceding year?" The answer is staggering: their analysis reveals that 10 million new occurrences of secrets were exposed on GitHub in 2022. That's a 67% increase compared to 2021.

Implementing Automated Secrets Detection for Application Security

Dev & Ops teams at large organizations use thousands of secrets, such as API keys and other credentials, to interconnect these components. As a result, they now have access to more sensitive information than companies can keep track of.

The risk is that these secrets are now spreading everywhere. “Secrets sprawl” is what we call the unwanted distribution of secrets across all the systems developers use. It becomes even harder to control as development teams grow and are sometimes spread over multiple geographies, and that is before taking into account that developers are under heavy pressure from a growing number of technologies to master and from shortened release cycles.

In this whitepaper, GitGuardian looks at the implications of secrets sprawl and presents solutions that help Application Security teams further secure the SDLC by implementing automated secrets detection in their DevOps pipeline.

