TL;DR
IssueGuard is a Chrome extension that detects and prevents secret leaks in GitHub and GitLab issue reports in real-time, using regex and a fine-tuned CodeBERT model to warn users before submission.
Contribution
This work introduces a real-time secret leak detection tool integrated into web interfaces, combining regex and machine learning for high accuracy.
Findings
Achieved an F1-score of 92.70% on a benchmark dataset.
Outperformed traditional regex-based scanners in accuracy.
Provides visual warnings to users to prevent sensitive data submission.
Abstract
GitHub and GitLab are widely used collaborative platforms whose issue-tracking systems contain large volumes of unstructured text, including logs, code snippets, and configuration examples. This creates a significant risk of accidental secret exposure, such as API keys and credentials, yet these platforms provide no mechanism to warn users before submission. We present IssueGuard, a tool for real-time detection and prevention of secret leaks in issue reports. Implemented as a Chrome extension, IssueGuard analyzes text as users type and combines regex-based candidate extraction with a fine-tuned CodeBERT model for contextual classification. This approach effectively separates real secrets from false positives and achieves an F1-score of 92.70% on a benchmark dataset, outperforming traditional regex-based scanners. IssueGuard integrates directly into the web…
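The two-stage pipeline the abstract describes (regex candidate extraction, then contextual filtering), as an added example that is not IssueGuard's code. The patterns, function names and entropy threshold are assumptions, and simple heuristics stand in for the fine-tuned CodeBERT classifier.

```javascript
// Added illustration; patterns, names and thresholds are assumptions, not IssueGuard's own.
// Stage 1: broad, high-recall candidate patterns (capture group 1 is the value).
const CANDIDATE_PATTERNS = [
  { kind: "assignment",
    re: /\b(?:api[_-]?key|secret|token|passw(?:or)?d)\b\s*[:=]\s*["']?([^\s"']{8,})/gi },
  { kind: "long-token", re: /\b([A-Za-z0-9_-]{32,})\b/g },
];

function extractCandidates(text) {
  const byStart = new Map(); // dedupe values matched by more than one pattern
  for (const { kind, re } of CANDIDATE_PATTERNS) {
    for (const m of text.matchAll(re)) {
      const value = m[1];
      const start = m.index + m[0].lastIndexOf(value);
      const context = text.slice(Math.max(0, start - 40), start);
      if (!byStart.has(start)) byStart.set(start, { kind, value, start, context });
    }
  }
  return [...byStart.values()];
}

function shannonEntropy(s) {
  const counts = {};
  for (const ch of s) counts[ch] = (counts[ch] || 0) + 1;
  return Object.values(counts)
    .reduce((h, n) => h - (n / s.length) * Math.log2(n / s.length), 0);
}

// Stage 2 stand-in: heuristics in place of the fine-tuned CodeBERT classifier.
const PLACEHOLDER = /your|example|changeme|dummy|x{4,}|\*{3,}|<[^>]*>/i;
const BENIGN_CONTEXT = /(?:sha-?(?:1|256)|md5|checksum|commit|digest)\W*$/i;

function looksLikeSecret(c) {
  if (PLACEHOLDER.test(c.value)) return false;        // template values
  if (BENIGN_CONTEXT.test(c.context)) return false;   // hashes, commit ids
  return shannonEntropy(c.value) >= 3.5;              // assumed threshold
}

function scanIssueText(text) {
  return extractCandidates(text).filter(looksLikeSecret);
}

// Constructed issue body: one secret-like value and three regex false positives.
const SAMPLE_ISSUE = [
  "App crashes on startup. Config used:",
  'api_key = "q7Zp2LmX9vRt4KsW8bNd3HfY6cJa1UeG"',
  "password: your_password_here",
  "Built from commit 3f2a9c1b7e4d8f6a0b5c2e9d1a7f4b8c3e6d0a92",
  "token=xxxxxxxxxxxxxxxx",
].join("\n");
```

On the sample, regex extraction alone yields four candidates; the contextual stage keeps only the `api_key` value and drops the placeholder password, the commit hash and the masked token.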
