Conference Paper
SecretBench: A Dataset of Software Secrets
Setu Kumar Basak, Lorenzo Neil, Bradley Reaves, and Laurie Williams
Mining Software Repositories Data and Showcase Track, 2023
A labeled benchmark of 97,479 secrets across 818 GitHub repositories enables systematic evaluation of secret detection tools.
Abstract
According to GitGuardian’s monitoring of public GitHub repositories, the exposure of secrets (API keys and other credentials) increased two-fold in 2021 compared to 2020, totaling more than six million secrets. However, no benchmark dataset is publicly available for researchers and tool developers to evaluate secret detection tools that produce many false positive warnings. The goal of our paper is to aid researchers and tool developers in evaluating and improving secret detection tools by curating a benchmark dataset of secrets through a systematic collection of secrets from open-source repositories. We present a labeled dataset of source code containing 97,479 secrets (of which 15,084 are true secrets) of various secret types extracted from 818 public GitHub repositories. The dataset covers 49 programming languages and 311 file types.
Citation (IEEE)
S. K. Basak, L. Neil, B. Reaves, and L. Williams, “SecretBench: A Dataset of Software Secrets,” in Mining Software Repositories Data and Showcase Track, 2023.
BibTeX
@inproceedings{bnrw23b,
author = {Basak, Setu Kumar and Neil, Lorenzo and Reaves, Bradley and Williams, Laurie},
booktitle = {Mining Software Repositories Data and Showcase Track},
date = {2023-05},
keywords = {short},
title = {SecretBench: A Dataset of Software Secrets},
}