Skip to main content

Source code without sensitive information


The source code must not contain sensitive information.


Sensitive data is often included in the source code during early development stages for practicality or due to a lack of early architecture. This data includes credentials, secrets, cryptographic keys, personal identification numbers and other personal information. Following secure programming practices, none of this information should be present in the source code, as a leak could put critical systems in jeopardy.