Hex High Entropy String

Bridgecrew Policy ID: BC_GIT_19
Severity: LOW

Description

Password entropy assigns a numerical score to how unpredictable a password is, or to how likely a string of characters is to consist of highly random data. The policy calculates entropy levels using a Shannon entropy calculator. The entropy of a key matters because the amount of information needed to determine its unknown parts governs how difficult it is to crack. If a high-entropy string is detected, the string is printed to the screen.

This check scans the branch and evaluates the entropy of every blob of text against the hexadecimal character set.
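The scan described above, written out as an added example (this is illustrative code, not Bridgecrew's or Checkov's implementation): it computes Shannon entropy over the hexadecimal character set for each candidate hex run in a blob of text and reports the runs whose entropy crosses a threshold. The minimum run length of 16 characters and the threshold of 3.0 bits per character are assumptions chosen for the example, as is the sample text; the maximum possible score for a 16-symbol alphabet is 4.0 bits.

```python
import math
import re
from collections import Counter

# Hexadecimal alphabet the entropy is measured over.
HEX_CHARS = "0123456789abcdefABCDEF"

# Candidate runs: 16 or more consecutive hex characters (assumed minimum length).
HEX_TOKEN_RE = re.compile(r"[0-9a-fA-F]{16,}")

# Assumed reporting threshold in bits per character; the theoretical maximum
# for a 16-symbol alphabet is log2(16) = 4.0.
HEX_ENTROPY_THRESHOLD = 3.0


def shannon_entropy(data: str, charset: str = HEX_CHARS) -> float:
    """Shannon entropy (bits per character) of `data`, counting only
    characters that belong to `charset`. Empty input scores 0.0."""
    if not data:
        return 0.0
    counts = Counter(ch for ch in data if ch in charset)
    total = sum(counts.values())
    if total == 0:
        return 0.0
    entropy = 0.0
    for n in counts.values():
        p = n / total
        entropy -= p * math.log2(p)
    return entropy


def find_hex_high_entropy_strings(text: str, threshold: float = HEX_ENTROPY_THRESHOLD):
    """Return (line_number, token, entropy) for every hex run in `text`
    whose entropy meets `threshold`. Line numbers start at 1."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for match in HEX_TOKEN_RE.finditer(line):
            token = match.group(0)
            score = shannon_entropy(token)
            if score >= threshold:
                findings.append((lineno, token, round(score, 3)))
    return findings


# Constructed sample blob (not from the page). Line 3 holds a 32-character
# value in which every hex digit appears exactly twice (entropy 4.0); line 4
# is a repeated word-like pattern (entropy about 2.16); line 5 is an all-zero
# placeholder (entropy 0.0). Only line 3 should be reported.
SAMPLE_TEXT = """\
# constructed sample config
db_host = localhost
api_token = 0f1e2d3c4b5a69788796a5b4c3d2e1f0
magic = deadbeefdeadbeef
placeholder = 0000000000000000000000000000000000000000
"""

if __name__ == "__main__":
    for lineno, token, score in find_hex_high_entropy_strings(SAMPLE_TEXT):
        print(f"line {lineno}: {token} (entropy {score})")
```

Because decimal digits are part of the hex alphabet, a long run of digits such as a phone number or card number also matches and, if its digits are spread evenly, scores above 3.0; a practical scanner usually pairs the entropy score with extra filters (requiring at least one `a`-`f` character, or an allow-list for known test values) to keep those false positives down.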

Fix - Buildtime

Multiple Services

Step 1: Revoke the exposed secret.
Start by understanding what services were impacted and refer to the corresponding API documentation to learn how to revoke and rotate the secret.

Step 2: Clean the git history.
Go under the Settings section of your GitHub project and choose the Change visibility button at the bottom.

Step 3: Check any relevant access logs to ensure the key was not utilized during the compromised period.