Collaborate Disseminate
A former employer of mine has reached out to me to assist them with PCI certification (I guess I’ll be getting a 1099-NEC from them next year as a result). Here’s the point I’m at in the questionnaire:
File-integrity monitoring tools are … Continue reading file-integrity monitoring tools for PCI compliance
I’m curious about what data actually gets signed when I sign a git commit or tag? Is it simply the commit message and metadata?
How could I manually duplicate the signature, use gpg instead of git?
Continue reading When I sign a git commit, what is my signature actually based on?
Back when I was a Java developer, we used to use build.properties or build.xml to store sensitive information outside of the VCS and just add the file with whatever passwords would go in it after check out.
But that’s pretty language speci… Continue reading How does one tighten up their git repo security for Powershell?
Seems like every few months there is another ‘cloning a malicious repo’ type vulnerability. What is it about the way GIT works or was designed that makes it have so many security bugs?
Continue reading Why does GIT have so many vulnerabilities? [closed]
A critical vulnerability (CVE-2020-27955) in Git Large File Storage (Git LFS), an open source Git extension for versioning large files, allows attackers to achieve remote code execution if the Windows-using victim is tricked into cloning the attacker&#… Continue reading Git LFS vulnerability allows attackers to compromise targets’ Windows systems (CVE-2020-27955)
To help ensure authenticity of packages some projects on GitHub and on GitLab add hashsums to the descriptions of the release on the Releases page.
Sometimes, at least here, the hashsum are made part of the release’s filename. Sometimes, a… Continue reading How can the authenticity of releases on GitHub and GitLab be ensured? Can their hashsums change?
I have been using a YubiKey 4 to sign git commits for a few years on Ubuntu.
I am setting up a new Windows10 machine and want to use the same signing key from Windows; however I cannot seem to point gpg at the YubiKey private signing key.
… Continue reading New Win10 and Old YubiKey4; trying to configure GPG Sign for existing key
For a challenge I found that I was able to download files off of /.git/ After using the tools from GitTools I soon realised that my goal was to get to read config.inc.php file. But the problem is, I got index.php extracted but not config.i… Continue reading How to find a specific file’s code in a website with a broken git commit? [migrated]
I’ve been using GitHub for years to host the Windows 10 Field Guide, and this year I moved my .NETpad projects there as well.
The post Git ‘Er Done with GitHub (Premium) appeared first on Thurrott.com.
Continue reading Git ‘Er Done with GitHub (Premium)
We are using Jenkins Freestyle Project to push the changes on the remote server. We are executing shell script on remote host using ssh for it. To pull the changes on the remote server, we are using origin url with git username and git pas… Continue reading git reflog is showing plain text password used as a secret texts or files in Jenkins