security.privacy

Avoid sensitive data in logs and telemetry

Sensitive fields should not be sent to logging, tracing, or analytics sinks.

#Metadata

#Why it matters

Observability payloads often leave the service boundary and can expose secrets, account identifiers, or personal data if they carry raw request or user fields.

#Remediation

Redact, hash, or drop the sensitive field before it reaches the sink.
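One way to apply all three remediations before a record reaches a sink, shown as an added example that is not part of the rule's own code. The field names in `POLICY`, the `record.fields` attribute, and the placeholder key are assumptions made for illustration.

```python
import hashlib
import hmac
import logging

# Constructed policy: field names and actions are assumptions for this example.
POLICY = {
    "password": "drop",
    "authorization": "redact",
    "email": "hash",
    "account_id": "hash",
}
# Placeholder key; load the real one from a secret store so hashes cannot be
# brute-forced from a list of known identifiers.
PSEUDONYM_KEY = b"example-key-not-for-production"


def pseudonymize(value) -> str:
    """Keyed hash: stable for correlation, not reversible without the key."""
    digest = hmac.new(PSEUDONYM_KEY, str(value).encode(), hashlib.sha256)
    return "h:" + digest.hexdigest()[:16]


def scrub(obj):
    """Return a copy of obj with sensitive keys dropped, redacted or hashed."""
    if isinstance(obj, list):
        return [scrub(v) for v in obj]
    if not isinstance(obj, dict):
        return obj
    out = {}
    for key, value in obj.items():
        action = POLICY.get(str(key).lower())  # match keys case-insensitively
        if action == "drop":
            continue
        if action == "redact":
            out[key] = "[REDACTED]"
        elif action == "hash":
            out[key] = pseudonymize(value)
        else:
            out[key] = scrub(value)  # recurse into nested dicts and lists
    return out


class ScrubFilter(logging.Filter):
    """Attach to a logger so record.fields is scrubbed before handlers run."""

    def filter(self, record: logging.LogRecord) -> bool:
        if isinstance(getattr(record, "fields", None), dict):
            record.fields = scrub(record.fields)
        return True
```

This scrubs keyed fields only; a sensitive value interpolated into the free-text log message is not caught, so pass such values as structured fields instead.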

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/shared/security.no-sensitive-data-in-logs-and-telemetry.rule.yaml.