Collaborate Disseminate
Where can I find RegEx that can pattern match common secret strings?
I have a product that scans repos and commits and in case a developer tries to commit a secret (i.e. passwords, keys). It scans for roughly 30 patterns by default which s… Continue reading Source of RegEx examples of Secret Detection patterns in repositories?
I have noticed how important has it become to anonymously contribute to github. I have just created a new account with protonmail and removed my actual account from my Macbook. I still have the public keys. Should I use those public keys t… Continue reading how to anonymously contribute to Github [closed]
I’m wondering whether git commit metadata can shred light on potential risk signals or vulnerabilities.
Henry Hinnefeld has investigated this, here but this seems to be a way of detecting vulnerabilities which already have been spotted by … Continue reading Can we detect risk signals or potential vulnerabilities in git meta-data?
The rise of GitOps comes from the industry’s increased adoption of Kubernetes. As organizations and teams shift towards Kubernetes, scaling their cluster management practices becomes imperative as teams and workloads grow in size. This is where G… Continue reading How GitOps Raises the Stakes for Application Security
Under different circumstances, GitHub would be hosting its Satellite conference in Paris this week. Like so many other events, GitHub decided to switch Satellite to a virtual event, but that isn’t stopping the Microsoft-owned company from announcing quite a bit of news this week. The highlight of GitHub’s announcement is surely the launch of GitHub […] Continue reading GitHub gets a built-in IDE with Codespaces, discussion forums and more
Researchers discovered a .git folder exposing passwords and more for a website that gives advice to organizations about complying with the General Data Protection Regulation (GDPR) rules. Continue reading GDPR Compliance Site Leaks Git Data, Passwords
I connect to my github repo using ssh keys which I have whitelisted in GitHub. I do pull/push to this repo from my linux server which is hosted in AWS.
If a hacker gains access to this AWS server, what all damage can he do to my code in g… Continue reading What are the security risks if my server with github ssh access key is hacked?
Dev + Sec + Ops ! = DevSecOps
DevSecOps formula
Historically, security vendors and code scientists around the world have been looking for a single universal formula to represent the notion of DevSecOps.
In my previous posts, I had introduced Shift… Continue reading Dev + Sec + Ops != DevSecOps
We have a self hosted git server in our company. It is reachable over the internet because our developers work together with external consultants, developers and other persons. Between the internet and the internal server is a reverse prox… Continue reading Does additional SSH access on top of HTTPS improve or harm the security of a self hosted Git server?
Git released an update on Tuesday, fixing an issue that could result in leaking credentials. The vulnerability was in how Git handles an HTTP URL containing a newline. Looking at the commits in 2.26.1, we can find an example of an attack:
url = "https://one.example.com?%0ahost=two.example.com/foo.git"
So doing a git pull …read more
Continue reading This Week in Security: Git, Patch Tuesday, Anti-Cheat, and Vulnerable Documentation