https://trufflesecurity.com/blog/scanning-5-6-million-public-gitlab-repositories-for-secrets
Thousands of sensitive developer secrets have been inadvertently exposed through public GitLab repositories. The investigation, published by Truffle Security (the blog post linked above), scanned 5.6 million public GitLab repositories and found more than 17,000 secrets, including API keys, database credentials and other sensitive information, publicly accessible to anyone who looked.
The exposure of these secrets poses a serious risk, as they could be exploited by malicious actors to gain unauthorised access to systems, data and critical infrastructure. The issue stems from developers who, either through lack of awareness or oversight, committed sensitive information directly to their public GitLab repositories instead of using a secrets manager or environment-based configuration. A secret that is committed and later deleted is still present in the repository history, and in any fork or clone taken in the meantime, so removing it from the current tree does not undo the exposure; only rotating the credential does.
Developers and organisations should review their public GitLab repositories, including full commit history rather than only the current tree, rotate any credential found there, implement secrets management policies, and educate their teams on the importance of protecting sensitive data. It is also recommended to run secret-scanning tools in pre-commit hooks and CI so that a credential is caught before it is pushed, and to adopt secure coding practices that keep configuration secrets out of source files altogether.
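As an added illustration of what such a scanning tool does (example code written for this page, not Truffle Security's own scanner or detector set), the block below combines two common techniques: regexes for well-known credential formats, and a Shannon-entropy check on the value of any credential-looking assignment so that placeholders such as `changeme` are not reported. The credential formats, the entropy threshold and the sample configuration file are assumptions made for the example; the sample values are constructed placeholders, not live credentials. The same `scan_text` function can be fed file contents, a commit diff or the output of `git log -p` to cover history.

```python
"""Minimal secret scanner: known-format regexes plus a Shannon-entropy check
for generic "secret = ..." assignments. Feed it file contents or `git log -p`
output; a secret removed from HEAD is still in history."""
import math
import re
from collections import Counter
from dataclasses import dataclass

# Well-known credential formats. Assumption: these shapes reflect what the
# vendors issue today; they are illustrative, not an exhaustive detector set.
KNOWN_PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "slack_token": re.compile(r"\bxox[baprs]-[0-9A-Za-z-]{10,}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "db_connection_string": re.compile(
        r"\b(?:postgres|postgresql|mysql|mongodb)(?:\+srv)?://[^:\s/]+:[^@\s]+@"),
}

# Generic "NAME = value" where NAME looks credential-like; the value is then
# judged by entropy so low-entropy placeholders are not reported.
ASSIGNMENT = re.compile(
    r"(?i)\b([a-z_]*(?:secret|token|password|passwd|api[_-]?key))\b"
    r"\s*[:=]\s*['\"]?([A-Za-z0-9+/=_\-]{12,})")
ENTROPY_THRESHOLD = 4.0  # bits per char (assumed); 32 random base64 chars sit near 5


@dataclass(frozen=True)
class Finding:
    detector: str
    line_no: int
    redacted: str  # never carry the full value into logs or tickets


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character: the usual heuristic for random-looking tokens."""
    n = len(s)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def redact(secret: str) -> str:
    """Keep a short prefix for triage and drop the rest."""
    return f"{secret[:4]}...({len(secret)} chars)"


def scan_text(text: str) -> list[Finding]:
    """Scan text line by line; returns one Finding per distinct secret per line."""
    findings, seen = [], set()
    for line_no, line in enumerate(text.splitlines(), start=1):
        for name, pat in KNOWN_PATTERNS.items():
            for m in pat.finditer(line):
                if (line_no, m.group(0)) not in seen:
                    seen.add((line_no, m.group(0)))
                    findings.append(Finding(name, line_no, redact(m.group(0))))
        for m in ASSIGNMENT.finditer(line):
            value = m.group(2)
            if shannon_entropy(value) >= ENTROPY_THRESHOLD and (line_no, value) not in seen:
                seen.add((line_no, value))
                findings.append(Finding("high_entropy_assignment", line_no, redact(value)))
    return findings


# Constructed sample file content for the example; the values are placeholders
# (the AWS key is the documented example key), not live credentials.
SAMPLE_CONFIG = """\
# settings.py
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
DATABASE_URL = "postgres://app:s3cr3tPassw0rd@db.internal:5432/prod"
API_KEY = "example_placeholder"
SESSION_SECRET = "Zq8vL2nT9xR4wK7mP1sD5yB0cF6hJ3gA"
DEBUG = True
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE_CONFIG):
        print(f"line {f.line_no}: {f.detector}: {f.redacted}")
```

On the sample above the scanner reports the AWS key on line 2, the database URL with an embedded password on line 3 and the high-entropy session secret on line 5, while the low-entropy `API_KEY` placeholder on line 4 is left alone. In practice every hit should be verified against the issuing service before it is triaged, and a confirmed hit is handled by rotating the credential, not by deleting the line.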