Authors - Mohammed Sulaiman I, Shreevatsa DS, Kavitha Sooda, Revanth L, Dhanush M Abstract - The unintentional release of API keys, tokens, and any other credentials in the source code is an obvious security threat to contemporary software development. Old rule-based scanners produce too many false positives and cannot scan through obfuscated secrets or secrets that are unknown. This paper introduces AV-SHIELD (Automated Vulnerability Scanning Hybrid, Implementing integrated Leakage Detection) which is a hybrid framework that brings together pattern matching and machine learning to identify credential leaks in real time. The system serves to monitor development spaces in event-driven fashion and scan repositories in GitHub up to size limitations. One uses a Random Forest type of classifier, which is trained on entropy based features to combatSecret vs Benign strings and a risk scoring engine which gives priority to create alerts. Records of the identified exposures are archived in a fingerprint-tracked vault, batch-processed into mail notifications, and include professionally-formatted PDF records. A trade analysis using an interactive Streamlit dashboard allows viewing trends of exposure, provider profiles, and risk allocations. The synthetic data generated has demonstrated a high precision and recall rate that is much lower than the explanation of the uses of regex alone, tested through experimental evaluation. The framework was implemented as a systemd service, which shows its applicability to the enterprise DevSecOps pipelines.
Open Zoom