Security Center scans the source code stored on GitHub in real time to check whether the usernames and passwords of your assets are leaked. Security Center generates alerts for potential AccessKey leaks to help you minimize risks.

Background information

  • Employees of an enterprise can upload source code to GitHub. This may cause leakage of the endpoints and passwords of enterprise databases and the passwords of enterprise servers.
  • The AccessKey leak detection feature uses the threat intelligence collection system to scan source code on GitHub. In most cases, the source code is uploaded and made public by employees of an enterprise. Security Center determines whether the source code contains the usernames and passwords of your assets. The assets include Elastic Compute Service (ECS) instances, ApsaraDB for RDS instances, and ApsaraDB for Redis instances. The assets also include other database instances that run MySQL. Security Center generates alerts upon potential leaks in real time to help you minimize risks.
  • Choose Settings > Notifications in the Security Center console. On the page that appears, you can customize the notification time period of AccessKey leak alerts. Alerts are sent to you only during the specified time period. You cannot receive real-time alert notifications upon AccessKey leaks that occur outside this time period.
Note By default, the AccessKey leak detection feature is enabled for all users.
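
The kind of check described above can also be run locally before source code leaves the enterprise. The following Python sketch is an added example, not Security Center's detection logic or code from this page: it flags AccessKey IDs, MySQL/Redis connection URIs that embed a password, and hardcoded password literals, and masks each value in the report. The `LTAI` prefix pattern is an assumption about the AccessKey ID format, and the sample host names and credential values are constructed.

```python
import re
import sys

# Assumption: an AccessKey ID is "LTAI" followed by 12-26 alphanumerics.
ACCESS_KEY_ID = re.compile(r"\bLTAI[A-Za-z0-9]{12,26}\b")
# Password embedded in a connection URI: scheme://user:password@host
CONN_URI = re.compile(r"\b(mysql|rediss?)://([^\s:/@]*):([^\s@/]+)@([^\s/'\"]+)", re.I)
# name containing pass/secret assigned a quoted literal (env lookups do not match)
PASSWORD_ASSIGN = re.compile(
    r"""(?i)\b\w*(pass(?:word|wd)?|secret)\w*\s*[:=]\s*(['"])([^'"]{4,})\2""")

def mask(value):
    """Keep only the first 4 characters so the report does not re-leak the secret."""
    return value[:4] + "*" * max(len(value) - 4, 0)

def scan_text(text, path="<memory>"):
    """Return findings as (path, line_no, kind, masked_value) tuples."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in ACCESS_KEY_ID.finditer(line):
            findings.append((path, no, "accesskey_id", mask(m.group(0))))
        for m in CONN_URI.finditer(line):
            kind = m.group(1).lower() + "_uri_password"
            findings.append((path, no, kind, mask(m.group(3))))
        for m in PASSWORD_ASSIGN.finditer(line):
            findings.append((path, no, "password_literal", mask(m.group(3))))
    return findings

# Constructed sample input; none of these values are real credentials.
SAMPLE = '''\
ACCESS_KEY_ID = "LTAIexampleKEY0000000001"
db = connect("mysql://app:S3cretPw!@db.example.internal:3306/shop")
cache = "redis://:r3disPw@cache.example.internal:6379/0"
password = os.environ["DB_PASSWORD"]
db_password = "hunter2-prod"
'''

if __name__ == "__main__":
    # With no arguments, scan the sample; otherwise scan the given files.
    if len(sys.argv) == 1:
        hits = scan_text(SAMPLE, "sample.py")
    else:
        hits = [f for p in sys.argv[1:]
                for f in scan_text(open(p, errors="replace").read(), p)]
    for path, no, kind, masked in hits:
        print(f"{path}:{no}: {kind}: {masked}")
    sys.exit(1 if hits else 0)  # non-zero exit lets a commit hook block the change
```

Run with file paths as arguments, the script exits non-zero when it finds anything, so it can be wired into a pre-commit hook or CI step.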

Procedure

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Detection > AccessKey Leak.
  3. On the AccessKey Leak page, perform the following operations:
    • View information about AccessKey leaks
      You can view the following information about AccessKey leaks that are detected by Security Center: the number of AccessKey leaks, the number of alerts on suspicious calls of the AccessKey, the alert list, and the platform where the detection is performed.
    • Search for a specific AccessKey leak
      Enter the AccessKey ID in the search box to search for the leak records of a specific AccessKey.
    • View details about an AccessKey leak record
      Select a record and click Details in the Operation column to view details.
    • Manage AccessKey leaks
      In the Related recommendation section on the details page of an AccessKey leak, you can view the suggestions on how to handle the leak. You can perform the following operations:
      • Log on to the Log Service console. Search for the access logs of the corresponding server and determine whether AccessKeys are leaked. For example, you can search for web access logs by setting the URL field to the file path that contains the AccessKey application file.
      • You can manually delete or manually disable the AccessKey. You can also add the AccessKey to the whitelist.
        On the Leak Detection by AccessKey page, find the leak record, click Processing in the Operation column, and then select a method to handle the leak.

        If you add the AccessKey to the whitelist, the status of the AccessKey becomes Whitelisted and the AccessKey is added to the Handled list.

        If you want to remove the AccessKey from the whitelist, find the record in the Handled list, go to the details page, and then click Cancel the whitelist.

      Note We recommend that you prohibit employees from uploading source code to public platforms such as GitHub. We recommend that you use a private GitHub code repository to manage code. You can also build an internal system to manage source code. This minimizes the risk of leaking source code or sensitive information.
    • Export AccessKey detection reports
      1. In the upper-right corner of the AccessKey detection list, click the Download icon.

        After the report is exported, the Done dialog box appears in the upper-right corner.

      2. Click Download in the Done dialog box to download the report as an Excel file.