pith. sign in

arxiv: 2303.06729 · v1 · pith:DSKSU25Onew · submitted 2023-03-12 · 💻 cs.CR · cs.SE

SecretBench: A Dataset of Software Secrets

classification 💻 cs.CR cs.SE
keywords secretsdatasetrepositoriessecretbenchmarkdetectiondevelopersgithub
0
0 comments X
read the original abstract

According to GitGuardian's monitoring of public GitHub repositories, the exposure of secrets (API keys and other credentials) increased two-fold in 2021 compared to 2020, totaling more than six million secrets. However, no benchmark dataset is publicly available for researchers and tool developers to evaluate secret detection tools that produce many false positive warnings. The goal of our paper is to aid researchers and tool developers in evaluating and improving secret detection tools by curating a benchmark dataset of secrets through a systematic collection of secrets from open-source repositories. We present a labeled dataset of source codes containing 97,479 secrets (of which 15,084 are true secrets) of various secret types extracted from 818 public GitHub repositories. The dataset covers 49 programming languages and 311 file types.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 1 Pith paper

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. Secret Leak Detection in Software Issue Reports using LLMs: A Comprehensive Evaluation

    cs.SE 2024-10 accept novelty 6.0

    Creates a 54k-instance benchmark of GitHub issue secrets and shows fine-tuned LLMs reach 94.49% F1 with 81.6% on 178 real repositories.