Development of a Hardcoded Credential Detection System for Repositories
Repository Politeknik Negeri Batam
Date
2024-06-24
Authors
Nababan, Bill Jeferson
Abstract
Hardcoded Credential is the practice of embedding authentication information,
such as usernames and passwords, directly into the source code of software or
applications. This means that the credential information is not stored separately or
managed securely, but is instead integrated into the program code. This practice poses
significant security risks, one of which is that credentials become difficult to change:
changing them means modifying the source code, which is impractical and increases
security risk.
This research proposes a web-based Hardcoded Credential Detection System that
can detect Hardcoded Credentials in repositories on GitHub. The security tool
TruffleHog is integrated into the website, and the results of Hardcoded Credential
detection can be viewed after the detection process is complete. The system is
developed using the Prototyping method, an approach to software development that
follows a series of stages carried out sequentially, each completed before the next
one begins. The technologies used include ReactJs as the library for
building the front end, ExpressJs as the framework for building the back end, with JavaScript
as the programming language, and MySQL as the database. The resulting system
can help maintain the security of GitHub repositories by providing
tools that can identify potential leaks of sensitive credentials. Developers and
security teams can then take action to remove or secure credentials that were committed accidentally.
Keywords
SOCIAL SCIENCES::Statistics, computer and systems science::Informatics, computer and systems science::Information technology, SOCIAL SCIENCES::Other social sciences::Military intelligence and security service
Citation
IEEE