rspec/shared_content/secrets/impact/source_code_compromise.adoc

==== Compromise of sensitive source code

The affected service is used to store private packages and repositories. If a token is leaked, it can be used by unauthorized individuals to gain access to your sensitive code, proprietary libraries, and other confidential resources. This can lead to intellectual property theft, unauthorized modifications, or even sabotage of your software.

If these private packages contain other secrets, it might even lead to further breaches in the organization's services.
Create rule S6758: NPM access tokens should not be disclosed (APPSEC-1064) (#3041) You can preview this rule [here](https://sonarsource.github.io/rspec/#/rspec/S6758/secrets) (updated a few minutes after each push). ## Review A dedicated reviewer checked the rule description successfully for: - [ ] logical errors and incorrect information - [ ] information gaps and missing content - [ ] text style and tone - [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule) --------- Co-authored-by: egon-okerman-sonarsource <egon-okerman-sonarsource@users.noreply.github.com> Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com> 2023-09-15 14:20:15 +02:00			`==== Compromise of sensitive source code`

			`The affected service is used to store private packages and repositories. If a token is leaked, it can be used by unauthorized individuals to gain access to your sensitive code, proprietary libraries, and other confidential resources. This can lead to intellectual property theft, unauthorized modifications, or even sabotage of your software.`

			`If these private packages contain other secrets, it might even lead to further breaches in the organization's services.`