Systems and methods are disclosed herein for determining a source of leaked sensitive data (e.g., passwords, insecure coding, log information, any information that should not exist, etc.) in compiled software applications. According to some aspects, a computing device (e.g., a software analysis device, a cloud-computing device, a server, a smart device, binary file/code scanner, etc.) may receive scan pattern information and a binary file of a software application. The computing device may be configured to determine one or more executable files of the software application based on the binary file. Based on the scan pattern information and the one or more executable files, the computing device may determine location information for one or more sensitive data elements configured with the software application. The computing device may use the location information for each of the one or more sensitive data elements to determine a respective source of the sensitive data element.