{"id":226114,"date":"2025-11-29T04:18:00","date_gmt":"2025-11-29T10:18:00","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/11\/public-gitlab-repositories-exposed-more-than-17000-secrets"},"modified":"2025-11-29T04:18:00","modified_gmt":"2025-11-29T10:18:00","slug":"public-gitlab-repositories-exposed-more-than-17000-secrets","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/11\/public-gitlab-repositories-exposed-more-than-17000-secrets","title":{"rendered":"Public GitLab repositories exposed more than 17,000 secrets"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/public-gitlab-repositories-exposed-more-than-17000-secrets.jpg\"><\/a><\/p>\n<p>After scanning all 5.6 million public repositories on GitLab Cloud, a security engineer discovered more than 17,000 exposed secrets across over 2,800 unique domains.<\/p>\n<p>Luke Marshall used the TruffleHog open-source tool to check the code in the repositories for sensitive credentials like API keys, passwords, and tokens.<\/p>\n<p>The researcher previously <a href=\"https:\/\/trufflesecurity.com\/blog\/scanning-2-6-million-public-bitbucket-cloud-repositories-for-secrets\" target=\"_blank\" rel=\"nofollow noopener\">scanned Bitbucket<\/a>, where he found 6,212 secrets spread over 2.6 million repositories. He also checked the <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/nearly-12-000-api-keys-and-passwords-found-in-ai-training-dataset\/\" target=\"_blank\" rel=\"nofollow noopener\">Common Crawl dataset<\/a> that is used to train AI models, which exposed 12,000 valid secrets.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>After scanning all 5.6 million public repositories on GitLab Cloud, a security engineer discovered more than 17,000 exposed secrets across over 2,800 unique domains. Luke Marshall used the TruffleHog open-source tool to check the code in the repositories for sensitive credentials like API keys, passwords, and tokens. The researcher previously scanned Bitbucket, where he found [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,1492],"tags":[],"class_list":["post-226114","post","type-post","status-publish","format-standard","hentry","category-robotics-ai","category-security"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/226114","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=226114"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/226114\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=226114"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=226114"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=226114"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}