Issue Details: Sensitive Data
Sensitive Data
The Sensitive Data tab lists the individual secrets and credentials detected within the affected resource, with their location, type, and current validity status.
Use this tab to review every detected secret, confirm which ones are still active, and identify exactly where each secret lives so it can be revoked and removed.
The Aggregations counter at the top shows the total number of detected secrets in the resource. Each row represents a single match.
Status
The live validation status of the secret: Active (still valid and usable), Inactive (no longer valid), or n/a (validity could not be verified).
Treat Active secrets as the highest priority — they can be used by an attacker right now and must be rotated immediately.
Source
The resource where the secret was detected, such as the S3 bucket or repository name.
Use this to identify the affected asset and route remediation to the team that owns it.
Location
The file path within the source where the secret was found (for example, config/settings.json or secrets/.env).
Use this to locate the exact file that needs to be cleaned up or removed.
Match
The detected secret value, partially masked.
Use this to confirm the finding and to recognize the secret when searching downstream copies, backups, or logs.
Line Number
The line within the file where the secret appears.
Use this to jump directly to the offending line for removal or replacement with a reference to a managed secret store.
Secret Type
The classification of the secret, such as aws-access-key, aws-secret-key, postgresql-connection-string, github-fine-grained-pat, or base64-github-fine-grained-pat.
Use this to determine the correct revocation path — each secret type has its own rotation procedure in the issuing system (AWS IAM, GitHub, the database, etc.).
Last updated