Saved February 14, 2026
A security engineer found over 17,000 exposed secrets in public GitLab repositories after scanning 5.6 million projects. The researcher used TruffleHog to identify sensitive data like API keys and tokens, discovering a higher secret density than previous scans on Bitbucket. Many organizations responded by revoking their compromised secrets.
A security engineer named Luke Marshall scanned 5.6 million public repositories on GitLab Cloud and uncovered over 17,000 exposed secrets tied to more than 2,800 unique domains. Using TruffleHog, an open-source tool that detects sensitive information such as API keys and passwords, he found nearly three times as many secrets as in his previous scan of Bitbucket, which had revealed 6,212 secrets across 2.6 million repositories. Notably, the secret density on GitLab was 35% higher than on Bitbucket.
Marshall's approach used a GitLab public API endpoint to enumerate projects and a custom Python script to manage the scanning process. He ran the scan as an AWS Lambda function, which let him complete it in just over 24 hours at a cost of $770. The majority of the leaked secrets were Google Cloud Platform credentials, followed by MongoDB keys, Telegram bot tokens, and OpenAI keys, with some dating back to 2009.
In a responsible disclosure effort, Marshall automated notifications to affected parties, leading to several organizations revoking their compromised secrets. His work also earned him around $9,000 in bug bounties. Despite these efforts, an undisclosed number of secrets remain exposed on GitLab, highlighting ongoing vulnerabilities in public repositories.
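The secret families the summary names (GCP service-account keys, MongoDB connection strings, Telegram bot tokens, OpenAI keys) are the kind of thing a team should catch in its own repositories before a push. The scanner below is an added example, not code from the article or from TruffleHog; its patterns are simplified assumptions written for illustration, and the sample input is constructed with fake values.

```python
import re

# Simplified detection rules for the secret families the article lists.
# Hypothetical patterns for this example only, not TruffleHog's detectors.
RULES = {
    "gcp_service_account": re.compile(
        r'"private_key"\s*:\s*"-----BEGIN (?:RSA )?PRIVATE KEY-----'),
    "mongodb_uri": re.compile(r'mongodb(?:\+srv)?://[^\s:/@]+:[^\s@]+@[^\s/"\']+'),
    "telegram_bot_token": re.compile(r'\b\d{8,10}:[A-Za-z0-9_-]{35}\b'),
    "openai_key": re.compile(r'\bsk-[A-Za-z0-9_-]{20,}\b'),
}


def redact(secret: str, keep: int = 4) -> str:
    """Keep a short prefix so a finding can be triaged without re-exposing the value."""
    return secret[:keep] + "*" * (len(secret) - keep)


def scan_text(text: str, path: str = "<input>") -> list[dict]:
    """Return one finding per matched rule per line, with the matched value redacted."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, rule in RULES.items():
            for m in rule.finditer(line):
                findings.append({"path": path, "line": lineno, "kind": kind,
                                 "match": redact(m.group(0))})
    return findings


# Constructed sample input; every value here is fake and for illustration only.
SAMPLE = """
DB_URL=mongodb+srv://app_user:Sup3rSecret@cluster0.example.net/prod
TELEGRAM_TOKEN=123456789:AAHfiqksKZ8WmR2zSjiQ7_v4TMAKdiHm9T0
OPENAI_API_KEY=sk-EXAMPLEfakekey0123456789abcdefghij
{"type": "service_account", "private_key": "-----BEGIN PRIVATE KEY-----\\nMIIE..."}
LOG_LEVEL=debug
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE, ".env"):
        print(f"{f['path']}:{f['line']} {f['kind']} {f['match']}")
```

Wiring `scan_text` into a pre-commit hook or CI job over staged files blocks the commit when the list is non-empty, which is cheaper than revoking a key after it lands in a public repository.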