Use of Hard-coded Credentials
| Property | Value |
|---|---|
| Language | regex |
| Severity | |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
CodeClimate API keys or secrets appear to be hard-coded directly in the source code. Storing sensitive credentials in code exposes them to anyone with access to the repository, making them vulnerable to leaks.
Impact
If attackers obtain these credentials, they can access your CodeClimate account, potentially exposing code quality data, manipulating reports, or abusing linked integrations. This can lead to data breaches, unauthorized changes, and reputational damage for your organization.
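The sketch below is an added example, not the rule's own pattern or code: it flags the kind of hard-coded CodeClimate literal described above and shows the environment-based alternative. The regex, the identifier names, the 32-character threshold and the sample lines are all assumptions made for illustration.

```python
import os
import re

# Illustrative pattern (an assumption, not the rule's actual regex): an identifier
# mentioning CodeClimate assigned a quoted literal of 32 or more token characters.
HARDCODED = re.compile(
    r"""(?ix)
    \b(?P<name>[a-z0-9_]*(?:code_?climate|cc_test_reporter)[a-z0-9_]*)
    \s*[:=]\s*
    (?P<quote>["'])(?P<value>[a-z0-9_\-]{32,})(?P=quote)
    """
)

# Constructed sample source; the token values are fake.
SAMPLE = '''\
CODECLIMATE_API_KEY = "0123456789abcdef0123456789abcdef0123456789abcdef"
cc_test_reporter_id: 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
CODECLIMATE_API_KEY = os.environ["CODECLIMATE_API_KEY"]
codeclimate_url = "https://example.invalid/api"
'''


def find_hardcoded(source):
    """Return (line number, identifier, masked value) for each suspect line."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        m = HARDCODED.search(line)
        if m:
            value = m.group("value")
            # Mask the literal so the scanner's own output does not leak it.
            masked = value[:4] + "*" * (len(value) - 4)
            findings.append((lineno, m.group("name"), masked))
    return findings


def load_api_key(env=os.environ, name="CODECLIMATE_API_KEY"):
    """Remediation: read the credential from the environment at run time."""
    key = env.get(name, "").strip()
    if not key:
        raise RuntimeError(f"{name} is not set; refusing to fall back to a default")
    return key


if __name__ == "__main__":
    for lineno, name, masked in find_hardcoded(SAMPLE):
        print(f"line {lineno}: {name} = {masked}")
```

A credential that has already been committed stays in the repository history, so a finding should lead to revoking and reissuing the key as well as moving it out of the source.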