# Secrets Security

A full-stack, multidimensional approach to finding and securing exposed and vulnerable secrets across all files in repositories and CI/CD pipelines.

[Request a demo](https://www.paloaltonetworks.cn/cortex/cloud/trial?ts=markdown)

![secrets-gitlab](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cortexcloud/secrets-management/secret-management-hero-front.png)

Developers use secrets to let applications communicate securely with other cloud services. Storing secrets in files in a version control system (VCS) such as GitHub is not secure and creates potential vulnerabilities that can be exploited. This often happens when developers leave secrets in source code. Once a secret is committed to a repository, it is preserved in the history, and any user can easily access it. This is especially dangerous when the repository contents are made public, because threat actors can then easily discover and exploit these resources.

Most tools scan for secrets selectively, at only one stage of the application lifecycle, and so may miss certain types of secrets entirely. Cortex® Cloud ensures that secrets are not accidentally exposed while minimizing false positives and maintaining development velocity.

---

### Hard-coded secrets are common in cloud-native development.

Hard-coded credentials are easier for developers to use and access, but they are not a best practice. This is especially dangerous in matrixed development organizations and cloud-based repositories. Unfortunately, it is commonplace: more than 41% of repositories contain secrets.

### Public exposure increases risk.

Secrets are frequently exposed in public repositories of your VCS or registry. In addition, any secret added directly to source code, IaC, CI/CD configuration files and similar content may be visible in the VCS and may also be accidentally exposed in build logs.

### Siloed tools lead to coverage gaps.

Standalone secrets scanners often lack consistent coverage across build and runtime. Unless they are embedded in a broader CNAPP strategy, organizations have insufficient insight into risk.

## With Cortex Cloud, developers can seamlessly block exposed secrets at build and runtime.

By integrating into DevOps tools at code, build, deploy and runtime, Cortex Cloud continuously scans for exposed secrets across the entire development lifecycle. Cortex Cloud takes a powerful multidimensional approach that combines a signature-based policy library with a fine-tuned entropy model to identify secrets in almost any file type, including IaC templates, golden images and Git repositories.

* Multiple detection methods identify complex secrets such as random strings or passwords.
* Risk factors give secrets context to simplify prioritization and remediation.
* Native integration into developer tools and workflows.
* A library of more than 100 signatures.
* A fine-tuned entropy model.
* Supply chain visibility.
* Broad coverage.
* Pre-commit detection in VCS and CI pipelines.
* Detection in running workloads and applications.

Solution

## A developer-first, multidimensional approach to secrets security

### Precise detection

Secrets that follow a regular expression (access tokens, API keys, encryption keys, OAuth tokens, certificates and so on) are the most commonly identified. Cortex Cloud uses more than 100 signatures to detect and alert on a wide range of secrets with known, predictable expressions.

* #### Extensive coverage
  More than 100 domain-specific secret detectors ensure precise alerts at both build and runtime.
* #### Broad, deep scanning
  Scans every file in the repository, and the version history in integrations, for secrets.
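A minimal sketch of the two-pass idea described above, signature matching backed by an entropy check that only fires in a secret-like context. It is an added example, not Cortex Cloud's implementation; the two patterns, the 3.5-bit threshold, the sample text and all names are assumptions chosen for illustration.

```python
import math
import re
from collections import Counter

# Signature pass: secrets with a fixed, predictable shape.
# Illustrative patterns only, not a vendor's signature library.
SIGNATURES = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key_header": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
# Context for the entropy pass: a secret-like name assigned a quoted literal.
ASSIGNMENT = re.compile(
    r"(?i)\b\w*(?:password|passwd|secret|token|api_?key)\w*\s*[:=]\s*['\"]([^'\"\s]{12,})['\"]"
)
ENTROPY_THRESHOLD = 3.5  # bits per character; assumed cut-off, tune on your own corpus


def shannon_entropy(value: str) -> float:
    """Shannon entropy of the string, in bits per character."""
    counts = Counter(value)
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())


def scan(text: str) -> list[tuple[int, str]]:
    """Return (line number, finding name) pairs for the given file content."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        hits = [name for name, rx in SIGNATURES.items() if rx.search(line)]
        if not hits:
            # No known format matched: fall back to entropy, gated by context
            # so that hashes and IDs in unrelated fields are not reported.
            m = ASSIGNMENT.search(line)
            if m and shannon_entropy(m.group(1)) >= ENTROPY_THRESHOLD:
                hits = ["high_entropy_assignment"]
        findings.extend((lineno, name) for name in hits)
    return findings


# Constructed sample. Line 1 uses AWS's documentation placeholder key; line 3 is a
# low-entropy dummy value; line 4 has high entropy but no secret-like variable name.
SAMPLE = '''\
aws_key = "AKIAIOSFODNN7EXAMPLE"
db_password = "q7Zr2LxP9vTm4KdW8sYb"
db_password = "changemechangeme"
commit = "9f86d081884c7d659a2feaa0c55ad015"
'''

if __name__ == "__main__":
    for lineno, name in scan(SAMPLE):
        print(f"line {lineno}: {name}")
```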
![Precise detection](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cortexcloud/secrets-management/precise-detection-updated.png)

### Fine-tuned entropy model

Not all secrets follow a consistent or recognizable pattern. For example, signature-based methods cannot detect random-string usernames and passwords because these are random, and they may expose "enterprise secrets" to public access. Cortex Cloud augments signature-based detection with a fine-tuned entropy model.

* #### Fine-tuned entropy model
  Eliminates false positives with a fine-tuned entropy model that uses string context to precisely identify complex secret types.
* #### Unparalleled visibility
  Comprehensive visibility into and control over the large number of secrets that cloud developers use.

![Fine-tuned entropy model](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cortexcloud/secrets-management/fine-tuned-entropy-model.png)

### Developer feedback

Developers can analyze the risk associated with exposed or vulnerable secrets in several different ways:

* #### Projects
  Native integration into development workflows, seamlessly surfacing detected secrets in non-compliant files.
* #### Supply chain
  Source code file nodes appear in the supply chain graph. A detailed investigation of the dependency tree helps developers identify the root cause of a secret exposure.
* #### Pull request comments
  Users can discover potentially leaked secrets as part of their pull request scans, and these can be easily removed.
* #### Pre-commit hooks and CI integration
  Use pre-commit hooks to block secrets from being pushed to the repository before a pull request is opened.

![Developer feedback](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cortexcloud/secrets-management/4-3-dev-feedback.png)

## More application security capabilities

### Infrastructure as Code security

Automated IaC security embedded in developer workflows

[Learn more](https://www.paloaltonetworks.cn/cortex/cloud/infrastructure-as-code-security?ts=markdown)

### Software composition analysis (SCA)

Highly accurate, context-aware open source security and license compliance

[Learn more](https://www.paloaltonetworks.cn/cortex/cloud/software-composition-analysis?ts=markdown)

### Software supply chain security

Harden your CI/CD pipelines, reduce the attack surface and protect your application development environment.

[Learn more](https://www.paloaltonetworks.cn/cortex/cloud/software-supply-chain-security?ts=markdown)

### Infrastructure as Code (IaC) security

Identify and fix misconfigurations in Terraform, CloudFormation, ARM, Kubernetes and other IaC templates

[Learn more](https://www.paloaltonetworks.cn/cortex/cloud/infrastructure-as-code-security?ts=markdown)