Use of Hard-coded Credentials
| Property | |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
Sensitive JFrog API keys have been found hard-coded in the source code. Storing credentials directly in code makes them easy to leak or accidentally share, exposing them to anyone with access to the repository.
Impact#
If an attacker obtains a hard-coded JFrog API key, they could access your organization’s artifact repositories, upload or download sensitive packages, or tamper with software releases. This can lead to data breaches, supply chain attacks, and loss of control over critical infrastructure.