Hex High Entropy String

Bridgecrew Policy ID: BC_GIT_19
Severity: LOW

Hex High Entropy String


Checkov calculates entropy levels using a Shannon Entropy calculator. The entropy levels of keys are important, as the more or less information required to determine unknown key variables can alter how difficult it is to crack. If a high-entropy string is detected, the string is printed to the screen.

This check scans the branch and evaluate the Shannon entropy for both the hexadecimal character set for every blob of text.

Fix - Git

Step 1: Revoke the exposed secret.
Start by understanding what services were impacted and refer to the corresponding API documentation to learn how to revoke and rotate the secret.

Step 2: Clean the git history.
Go under the settings section of your GitHub project and chose the change visibility button at the bottom.

Step 3: Check any relevant access logs to ensure the key was not utilized during the compromised period.

Did this page help you?