Security Center scans the source code stored on Github in real time to check whether your username and password have been leaked. Security Center generates alerts upon potential leaks in real time to help you minimize the risks.

Background information

  • Enterprise employees must not upload source code to Github. Otherwise, the endpoint to the company database, and the passwords used to log on to the database and server may be leaked.
  • The AccessKey leak detection feature uses the threat intelligence collection system to detect the source code stored on Github. Security Center captures and determines whether the source code, which may be uploaded by enterprise employees accidentally, contains usernames and passwords that are used to log on to assets such as Elastic Compute Service (ECS), ApsaraDB RDS for MySQL (RDS), ApsaraDB RDS for Redis (Redis), and ApsaraDB RDS for MySQL. Security Center generates alerts upon potential leaks in real time to help you minimize the risks.
  • You can customize the notification time period of AccessKey leak alerts on the Settings > Notifications page. Alerts are sent to you only during the specified time. Note that you cannot receive alert notifications upon AccessKey leaks that occur outside this time period.
Note The AccessKey leak detection feature is enabled by default for all users.

Procedure

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, click Detection > AccessKey Leak.
  3. You can perform the following operations on the AccessKey Leak page.
    • View information about AccessKey leaks
      You can view the following information about AccessKey leaks detected by Security Center: the number of times that the AccessKey has been leaked, the number of alerts triggered by abnormal calls of the AccessKey, the detection report, the platform where the detection is run, and the last detection time.View information about AccessKey leaks
    • Search for a specific AccessKey leak
      You can search the leak records of a specific AccessKey by entering the AccessKey ID in the search box.Search for a specific AccessKey leak
    • View AccessKey leak details
      Select a record and click Details in the Actions column to view the details.View AccessKey leak details
    • Manage detected AccessKey leaks
      The Leaked details of AccessKey page contains a Related recommendation section where you can view the suggestions on how to manage the leak.
      • Log on to the Log Service console to search for the access log of the corresponding server and determine whether AccessKeys are leaked. For example, you can search for Web access logs and set the URL field to the file path that contains the AccessKey application file.
      • You can Manually delete, Manually disable AK, and add the AccessKey to the Whitelist as needed.
        On the Leak Detection by AccessKey page, find and click the target leak record and click Processing in the Actions column, and then select a method to manage the leak.Processing results

        If you add the AccessKey to the whitelist, the status of the leak record becomes Whitelisted and is listed in the Handled list.

        If you want to remove the AccessKey from the whitelist, find the record in the Handled list, go to the details page, and then click Cancel the Whitelist.

        Remove an AccessKey from the whitelist
      Note We recommend that you prohibit employees from uploading source code to public platforms such as Github, or use a private Github code repository to manage code. You can also build an internal system to manage source code. This minimizes the risk of leaking sensitive information.
    • Export AccessKey detection reports
      1. On the Leak Detection by AccessKey page, click the Export icon in the upper-right corner of the list to export a detection report.

        After the report is exported, a "You have exported the report." message appears in the upper-right corner.

      2. Click Download in the You have exported the report dialog box to download the report to a local Excel file.
      Download the report