Use of Hard-coded Credentials
| Property | |
|---|---|
| Language | regex |
| Severity |  |
| CWE | CWE-798: Use of Hard-coded Credentials |
| OWASP | A07:2021 - Identification and Authentication Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description#
Sensitive Snyk API tokens are hard-coded directly into the source code. Storing credentials this way exposes them to anyone with access to the code repository, making it easy for secrets to be accidentally leaked.
Impact#
If an attacker obtains the exposed Snyk API token, they could access your Snyk account, view or modify vulnerability data, or abuse your security scanning resources, potentially leading to compromised project security and unauthorized use of your services.