Investigate and remediate secrets issues - Administrator Guide - Cortex XSIAM - Cortex Cloud Posture Management - Cortex CLOUD - Cortex - Security Operations

Cortex XSIAM 3.x Documentation

Product: Cortex XSIAM

Creation date: 2025-07-15

Last date published: 2026-06-11

Category: Administrator Guide

Select any row in the Secrets table to open the issue side panel. The side panel provides detailed context for investigation and remediation.

Side-panel details

The side panel for an issue is divided into General details, Urgency details, Code evidence, and a Code to cloud graph.

General details

The top section of the side panel displays the following fields:

  • Severity: The severity level of the secrets issue

  • Status: The current resolution status (New, In Progress, Resolved)

  • Assignee: The user assigned to the issue

  • SLA: The SLA compliance status, calculated from the issue creation date and the severity-based target resolution window

  • Backlog Status: The backlog classification of the issue (New, Backlog)

Urgency details

The Urgency details section provides the contextual risk signals that determine the urgency classification of the secrets issue. Urgency extends beyond static severity by incorporating runtime, business context, and secrets-specific signals.

  • Urgency Level: The computed urgency classification: Top Urgent, Urgent, Not Urgent, or Not Applicable

  • Visibility: Indicates whether the code repository where the secret was found is public

  • Validation: Indicates whether the exposed secret is valid and, if so, whether the secret has high privileges

  • Found in History: Indicates whether the secret was found in the version history of the repository

  • Secret Type: Indicates whether the secret was detected based on high entropy

  • Application Criticality: The highest criticality level among all applications linked to the affected assets

  • Application Environment: The highest-risk environment among all applications associated with the issue

  • Access Sensitive Data: Indicates whether at least one deployed asset has access to sensitive data

  • Leverage Privileged Capabilities: Indicates whether at least one deployed asset has the ability to leverage privileged capabilities

  • Affected Assets: The number of deployed cloud assets affected by the secrets issue

  • Is Deployed: Indicates whether the secret affects any deployed assets

  • Internet Exposed: Indicates whether at least one affected deployed asset is accessible from the internet

Important: Urgency signals related to deployment context are populated only when the secrets asset is traced to deployed cloud resources through the Code-to-Cloud mapping.

Code evidence

The Code evidence section displays the source code context of the exposed secret:

  • Repository Name: The name of the repository containing the exposed secret

  • File Path: The full path to the affected file with a link to the VCS provider

  • Code Block: The source code snippet with highlighted lines indicating the specific location of the exposed secret

  • Commit Details: The Git author, commit hash, and commit timestamp

  • Secret Validation Status: A label indicating the validation result (such as Valid Secret, Invalid Secret, Privileged Secret)

Code to cloud graph

The Code to cloud graph visualizes the traceability path from the source code file containing the exposed secret in the repository to the deployed cloud resource. The Code to Cloud graph enables you to understand the blast radius of the exposed secret by identifying which production assets inherit the compromised credential.

Prioritize secrets issues

Effective prioritization of secrets issues requires evaluating multiple contextual signals beyond static severity. Application Security provides two complementary prioritization mechanisms: Urgency-based prioritization and Severity-based prioritization.

Urgency-based prioritization

Urgency incorporates runtime, business context, and secrets-specific signals to surface the secrets exposures that pose the greatest operational risk. Prioritize secrets issues using the following urgency hierarchy:

  • Top Urgent

    Criteria: The secret is validated as active (Valid or Privileged), exposed in a public repository, and affects a deployed, internet-exposed asset in a production environment with critical application criticality

    Recommended action: Revoke the secret immediately. Rotate the credential and update all dependent services. Escalate to a Case

  • Urgent

    Criteria: The secret is validated as active (Valid), exposed in a public repository, or affects a deployed asset in a staging or production environment, or the affected asset accesses sensitive data

    Recommended action: Revoke and rotate the secret within the current SLA window

  • Not Urgent

    Criteria: The secret is not validated (No Validation or Unavailable), exists only in a private repository, or the affected asset is in a development or testing environment with low application criticality

    Recommended action: Schedule for remediation during the next maintenance cycle

  • Not Applicable

    Criteria: No Code-to-Cloud trace exists for the affected asset and no secrets-specific signals (validation, visibility) are available. Urgency signals cannot be computed

    Recommended action: Establish Code to Cloud traceability by linking the repository to the relevant application
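The urgency hierarchy above is a decision procedure, so it can be encoded for triaging an exported list of issues. This is an added example, not Cortex code: the signal field names, the raw string values for validation and environment, and the sample issues are all assumed or constructed.

```python
from dataclasses import dataclass
from typing import List, Optional

# Signal values follow the Urgency details fields; the raw strings below are
# assumed, since the page names the categories but not their stored values.
@dataclass
class SecretSignals:
    issue_id: str
    validation: str               # "Privileged", "Valid", "Invalid", "No Validation", "Unavailable"
    public_repo: Optional[bool]   # Visibility; None when the signal is unavailable
    is_deployed: bool
    internet_exposed: bool
    environment: Optional[str]    # "production", "staging", "development", "testing"
    criticality: Optional[str]    # "critical", "high", "medium", "low"
    access_sensitive_data: bool
    has_code_to_cloud_trace: bool

URGENCY_ORDER = ["Top Urgent", "Urgent", "Not Urgent", "Not Applicable"]

def classify_urgency(s: SecretSignals) -> str:
    """Apply the urgency hierarchy, checking the most urgent rule first."""
    active = s.validation in ("Valid", "Privileged")
    no_secret_signals = (s.validation in ("No Validation", "Unavailable")
                         and s.public_repo is None)
    if not s.has_code_to_cloud_trace and no_secret_signals:
        return "Not Applicable"   # nothing to compute urgency from
    if (active and s.public_repo and s.is_deployed and s.internet_exposed
            and s.environment == "production" and s.criticality == "critical"):
        return "Top Urgent"
    if (active or bool(s.public_repo)
            or (s.is_deployed and s.environment in ("staging", "production"))
            or s.access_sensitive_data):
        return "Urgent"
    return "Not Urgent"

def prioritize(issues: List[SecretSignals]) -> List[str]:
    """Return issue ids ordered from most to least urgent (stable within a level)."""
    ranked = sorted(issues, key=lambda s: URGENCY_ORDER.index(classify_urgency(s)))
    return [s.issue_id for s in ranked]

# Constructed sample issues (not real findings).
SAMPLE_ISSUES = [
    SecretSignals("dev-key", "No Validation", False, False, False, "development", "low", False, True),
    SecretSignals("prod-api-key", "Privileged", True, True, True, "production", "critical", True, True),
    SecretSignals("untraced", "Unavailable", None, False, False, None, None, False, False),
    SecretSignals("staging-db", "Invalid", False, True, False, "staging", "medium", False, True),
]

if __name__ == "__main__":
    for s in SAMPLE_ISSUES:
        print(f"{s.issue_id}: {classify_urgency(s)}")
```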

Severity-based prioritization

Severity reflects the inherent risk of the exposed secret based on the detection rule. Use severity as the baseline filter:

  • Critical: Immediate remediation required. The secret provides direct access to production systems or sensitive data.

  • High: Remediate within the current sprint. The secret exposes a credential with significant access scope.

  • Medium: Schedule for remediation. The secret exposes a credential with limited access scope or is in a non-production context.

  • Low: Address during routine maintenance. The secret has minimal security impact.

  • Informational: No action required. The finding is advisory.

Take action on secrets issues

The Secrets page supports the following actions for individual issues and bulk selections: change resolution status, assign an issue, and apply manual remediation guidance.

Change resolution status

Update the resolution status to track remediation progress.

  • From the main issues table: Right-click an issue in the table > Change Status > [Select a status]

  • From the side card: Status field > [Select a status]

Status values:

  • New: The issue has not been triaged

  • In Progress: Remediation is underway

  • Resolved: The secret has been revoked, rotated, and verified

Assign an issue

Assign a secrets issue to a specific user for remediation.

  • From the main issues table: Right-click an issue in the table > Change Assignee > [Select a user]

  • From the side card: Assignee field > [Select a user]

Apply manual remediation guidance

For secrets issues, the side panel provides manual remediation guidance specific to the secret type and provider. Remediation guidance is accessed from the Actions tab in the issue side card.

  1. Select an issue in the table to open the side panel.

  2. Review the Manual Fix Suggestion field in the issue details.

  3. The manual remediation guidance includes:

    • Instructions to revoke the compromised credential through the provider dashboard or API

    • Steps to generate a new credential and replace the exposed secret across all dependent applications

    • Recommendations to use secure storage mechanisms (such as environment variables, secrets managers, or vault services) instead of hardcoding credentials

Example: manual remediation for an exposed Stripe Webhook Secret

  1. Sign in to your Stripe account with administrator credentials.

  2. Navigate to the dashboard section and select Webhooks.

  3. Identify the affected webhook and regenerate a new secret.

  4. Replace the exposed secret across all relevant applications.

  5. Monitor the webhook event logs for any potentially suspicious activity.

Example: manual remediation for an exposed Slack Bot Token

  1. Revoke the compromised token from your Slack workspace settings or via the API.

  2. Create a new bot token for your Slack app, following Slack best practices for security.

  3. Store the new token using a secure storage mechanism (such as a secrets manager or environment variable). Do not hardcode the new token directly.

Understand SLA compliance

Each secrets issue is tracked against an SLA target based on the issue severity. The SLA status is displayed in the issue side panel under General Details. The SLA calculation uses the issue creation timestamp and the configured severity-to-target-days mapping. Resolved issues stop the SLA clock at the resolution timestamp.

  • Within SLA: The issue is within the severity-based remediation window

  • Approaching: The issue is nearing the SLA deadline. Prioritize remediation

  • Overdue: The issue has exceeded the SLA deadline. Escalate or reassign
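The SLA calculation described above, as an added example that is not Cortex code: the severity-to-target-days mapping and the threshold at which an issue counts as Approaching are not given on this page and are assumed here, and the sample issues and timestamps are constructed.

```python
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

# Assumed severity-to-target-days mapping; the configured product values are
# not given on this page, so these are placeholders to adjust per tenant.
SLA_TARGET_DAYS = {"Critical": 1, "High": 7, "Medium": 30, "Low": 90, "Informational": 180}
# Assumed threshold: "Approaching" once 20% or less of the window remains.
APPROACHING_FRACTION = 0.2

def sla_status(severity: str, created_at: datetime, now: datetime,
               resolved_at: Optional[datetime] = None) -> str:
    """Return Within SLA, Approaching, or Overdue for one issue."""
    target = timedelta(days=SLA_TARGET_DAYS[severity])
    deadline = created_at + target
    # Resolution stops the clock: measure against the resolution timestamp.
    clock = resolved_at if resolved_at is not None else now
    remaining = deadline - clock
    if remaining < timedelta(0):
        return "Overdue"
    if remaining <= target * APPROACHING_FRACTION:
        return "Approaching"
    return "Within SLA"

def sla_report(issues: List[Tuple[str, str, datetime, Optional[datetime]]],
               now: datetime) -> Dict[str, str]:
    """Map issue id to SLA status for (id, severity, created_at, resolved_at) tuples."""
    return {iid: sla_status(sev, created, now, resolved)
            for iid, sev, created, resolved in issues}

# Constructed sample issues with UTC timestamps (not real findings).
T0 = datetime(2025, 7, 15, 0, 0, tzinfo=timezone.utc)
NOW = T0 + timedelta(hours=20)      # 4h left on a 24h Critical window
LATER = T0 + timedelta(hours=30)    # Critical window has expired
SAMPLE_ISSUES = [
    ("crit-open",     "Critical", T0, None),
    ("crit-resolved", "Critical", T0, T0 + timedelta(hours=10)),   # clock stopped
    ("high-open",     "High",     T0 - timedelta(days=2), None),
    ("low-stale",     "Low",      T0 - timedelta(days=100), None),  # past 90d deadline
]

if __name__ == "__main__":
    for iid, status in sla_report(SAMPLE_ISSUES, NOW).items():
        print(f"{iid}: {status}")
```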