Python
JavaScript
Java
Go
C#
Ansible
AWS CloudFormation Linter
C & C++
Dart Analyze
Docker
Kotlin
KubeLinter
PHP
Ruby
Rust
Scala
Secrets
Shell
Slither
Solhint
SQL
Swift
Terraform
Test coverageSecrets detected in source codeSCT-1000Hardcoded Adafruit API key in source codeSCT-1011Hardcoded Alibaba credentials in source codeSCT-1036Hardcoded Asana credentials in source codeSCT-1037Hardcoded Clojars API token in source codeSCT-1040Hardcoded Databricks API token in source codeSCT-1045Hardcoded Dropbox credentials in source codeSCT-1058Hardcoded AWS access token in source codeSCT-1002Hardcoded Google Cloud Platform API key in source codeSCT-1003Hardcoded Stripe access token in source codeSCT-1005Hardcoded Slack access token in source codeSCT-1006Hardcoded GitHub token in source codeSCT-1008Hardcoded GitLab token in source codeSCT-1009Hardcoded Atlassian API token in source codeSCT-1010Hardcoded Adobe client ID/secret in source codeSCT-1012Hardcoded OpenAI API key in source codeSCT-1013Hardcoded Datadog access token in source codeSCT-1014Hardcoded DigitalOcean token in source codeSCT-1015Hardcoded Fastly API token in source codeSCT-1016Hardcoded Linear API key/client secret in source codeSCT-1018Hardcoded New Relic API key in source codeSCT-1019Hardcoded PlanetScale credentials in source codeSCT-1020Hardcoded Postman API token in source codeSCT-1021Hardcoded Twilio API key in source codeSCT-1022Hardcoded DeepSource Personal Access Token (PAT) in source codeSCT-1023Hardcoded Prefect API token in source codeSCT-1024Hardcoded Readme API token in source codeSCT-1028Hardcoded RubyGems API in source codeSCT-1029Hardcoded Sendbird API token in source codeSCT-1030Hardcoded Brevo (Formerly Sendinblue) API token in source codeSCT-1031Hardcoded DroneCI access token in source codeSCT-1033Hardcoded Airtable API key in source codeSCT-1034Hardcoded Algolia API key in source codeSCT-1035Hardcoded Beamer API token in source codeSCT-1038Hardcoded Bittrex credentials in source codeSCT-1039Hardcoded Codecov access token in source codeSCT-1041Hardcoded Coinbase access token in source codeSCT-1042Hardcoded Confluent credentials in source codeSCT-1043Hardcoded Contentful API token in source codeSCT-1044Hardcoded Discord credentials in source codeSCT-1046Hardcoded Doppler API token in source codeSCT-1047Hardcoded Sumologic API key in source codeSCT-1048Hardcoded Twitch API token in source codeSCT-1051Hardcoded Twitter API token in source codeSCT-1052Hardcoded Duffel API token in source codeSCT-1059Hardcoded Dynatrace API token in source codeSCT-1060Hardcoded EasyPost credentials in source codeSCT-1061Hardcoded Etsy access token in source codeSCT-1062Hardcoded Facebook access token in source codeSCT-1063Hardcoded Finicity credentials in source codeSCT-1064Hardcoded Finnhub access token in source codeSCT-1065Hardcoded Flickr access token in source codeSCT-1066Hardcoded Flutterwave credentials in source codeSCT-1067Hardcoded FreshBooks access token in source codeSCT-1069Hardcoded Slack web hook in source codeSCT-1007Hardcoded PyPI upload API token in source codeSCT-1026Hardcoded SendGrid API token in source codeSCT-1032Hardcoded Pulumi API token in source codeSCT-1025Hardcoded JavaScript Web Token in source codeSCT-1004Hardcoded HashiCorp Terraform API token in source codeSCT-1017Hardcoded Rapid API access token in source codeSCT-1027Hardcoded Telegram Bot API token in source codeSCT-1049Hardcoded TravisCI API key in source codeSCT-1050Hardcoded private key in source codeSCT-1001Hardcoded Frame.io API token in source codeSCT-1068Possible hardcoded secrets detected in source codeSCT-A000
Hardcoded Brevo (Formerly Sendinblue) API token in source codeSCT-1031
Critical
SecretsA hardcoded Brevo (formerly Sendinblue) API token in source code can cause severe security issues as it can give unauthorized access to Brevo resources, which can result in a data breach and financial loss. If an API token has been leaked, you can revoke your API token to mitigate the vulnerability.
Bad practice
import requests
API_TOKEN = "HARDCODED_APP_TOKEN"
headers = {
'api-key': API_TOKEN,
'Content-Type': 'application/json'
}
def send_email(data):
response = requests.post(
url="https://api.sendinblue.com/v3/smtp/email",
headers=headers,
json=data
)
return response.json()
Recommended
import requests
import os
API_TOKEN = os.getenv('BREVO_API_TOKEN')
headers = {
'api-key': API_TOKEN,
'Content-Type': 'application/json'
}
def send_email(data):
response = requests.post(
url="https://api.sendinblue.com/v3/smtp/email",
headers=headers,
json=data
)
return response.json()