TEL AVIV and NEW YORK – June 2, 2022 – Apiiro, the leader in Cloud-Native Application Security, today announced the findings of its “Secrets Insights Across the Software Supply Chain” report. Apiiro’s security research team, together with 15 industry experts, collaborated to deliver the industry’s first contextual secrets research in private repositories revealing the critical business impact of secrets in code.
In the era of agile and cloud-native application development, software engineers and DevOps are more empowered than ever before. They can quickly set up cloud infrastructure and deploy code, whereas before they needed the help and approval of other departments.
This means that risks are distributed across design, code, open-source packages, secrets, Infra-as-Code, Source Control, CI/CD servers, and cloud infrastructure, which makes the remediation lifecycle longer and more complex.
One of the most common risks, and the source of some high-profile cloud-native application attacks, is the use of secrets in code across the software supply chain.
Apiiro’s security research team, supported by a group of industry leaders and experts in the field, conducted an analysis of 25,000+ repositories ranging from small to large organizations, including 1,900,000+ commits and 820,000+ pull requests across the software supply chain. Of the 45,000+ secrets detected, they uncovered key insights that include:
Additional findings include:
“The first ever contextual analysis of organizations’ internal repositories reveals the true magnitude of secrets in code,” said Moshe Zioni, Vice President of Security Research at Apiiro. “Our research team found eight times the amount of secrets in internal-facing repositories than previously reported on public repositories, a critical statistic for security teams looking to prevent a severe breach that can cause serious damage to an organization.”
Apiiro would like to thank all industry experts listed in this report for their contribution.
To read the full report, visit https://apiiro.com/secrets-insights-2022
Apiiro helps security and development teams proactively fix risks across the software supply chain – before releasing to the cloud. Apiiro is backed by Greylock and Kleiner Perkins. www.apiiro.com.
Offleash PR for Apiiro