A tester is reviewing a large software project to find data leaks in various branches. Which technique is the BEST for uncovering sensitive items in this environment?
Restricting keywords in commit messages for potential leaks
Running a specialized tool that detects multiple patterns associated with secrets
Manually looking for user credentials in commit changes
Checking open issues that reference private details
Secret scanning utilities that match diverse patterns can evaluate commit history across multiple branches. These scans can detect tokens, hashed passwords, and other patterns that might be missed when performing manual or keyword searches. Manually examining commits is helpful but takes more effort in large projects. Searching commit messages may miss entitlements stored deep in files, and open issues may not reflect all code changes.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are secret scanning utilities?
Open an interactive chat with Bash
How do secret scanning tools detect sensitive information?
Open an interactive chat with Bash
Why is manual searching less effective in large projects?