List of software quality issues with the number of affected components.
category ALL
Policies
Info
Count
Category
Detected presence of plaintext credentials within network protocol strings.
Causes risk: web service credentials found
3
secrets
Problem
Various network communication protocols allow including plaintext authentication credentials. Information such as user names and passwords could be passed through a non-encrypted channel, and therefore intercepted by malicious actors. Credentials are considered secrets, and should be kept encrypted until they are used. This policy control matches the following URI pattern protocol://username:password@domain within any software package component.Prevalence in PyPI community
21 packages
found in
Top 100
85 packages
found in
Top 1k
369 packages
found in
Top 10k
6869 packages
in community
Next steps
Review the reported matches. If the warning refers to a placeholder credential value, it can be safely ignored.
Problem
Private keys and certificates are considered sensitive information that should not be included in released software packages. However, developers frequently release sensitive information alongside their applications to facilitate automated software testing. Testing keys and certificates often proliferate through the software supply chain. When such information gets shared publicly, it is catalogued by file reputation databases. Any private key and certificate files seen by a file reputation database prior to configured time threshold can be automatically suppressed. Commonly shared sensitive information is not considered to be secret.Prevalence in PyPI community
38 packages
found in
Top 100
164 packages
found in
Top 1k
747 packages
found in
Top 10k
16783 packages
in community
Next steps
Review the commonly shared sensitive information for evidence of inadvertently exposed secrets.
If the keys were published unintentionally and the software has been made public, you should revoke the keys and file a security incident.