
SecOps Thursday - Issue #2 - All about the GIT

By Yuval Oren • Issue #2
I thought it would be appropriate to start at the beginning of the pipeline, which means the source control. These days it’s all about git, and to be honest, SVN and the like are pretty much dead when it comes to new projects, so git it is.
As opposed to most source control applications, git has a few characteristics that are worth noting:
  1. Git is a distributed source control system
  2. Every client has the complete history of the code locally
  3. The project can have multiple remote servers
While the above gives us much flexibility and can save our jobs at times, it also gives us a few headaches.
One thing to remember is that git keeps history, and even if you delete something and commit it, earlier versions will contain the deleted content.
So don’t:
  1. Commit clear text production passwords
  2. Commit API keys
  3. Commit certificates
  4. You get the general theme
However, what if you did? The articles below will show you a few tricks for scanning your repository and removing unwanted information from the history.
You will be amazed at what you can find on GitHub and Bitbucket. The truth is that developers simply forget about such things and publish them to public repositories.
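To see why deleting and committing is not enough, here is an added example (not from the linked articles) that builds a throwaway repository, commits a secret, deletes it in a second commit, and then compares a search of the current checkout with a search of every commit. The function names, the file name `config.env` and the key value are constructed placeholders.

```shell
#!/bin/sh
# Added example: constructed throwaway repo, placeholder secret.

# Create a repo where a secret is committed and then "deleted".
make_demo_repo() {
  d=$(mktemp -d)
  git init -q "$d" >/dev/null 2>&1
  git -C "$d" config user.email "demo@example.invalid"
  git -C "$d" config user.name "Demo"
  git -C "$d" config commit.gpgsign false
  printf 'API_KEY=EXAMPLE-NOT-A-REAL-KEY\n' > "$d/config.env"
  git -C "$d" add config.env
  git -C "$d" commit -q -m "add config"
  git -C "$d" rm -q config.env
  git -C "$d" commit -q -m "remove config"
  echo "$d"
}

# Count tracked files in the current checkout that contain the pattern.
# $1 = repo path, $2 = fixed string to look for
worktree_hits() {
  git -C "$1" grep -l -F -e "$2" 2>/dev/null | wc -l
}

# Count (commit, file) pairs across all history that contain the pattern.
# Each reachable commit is searched, so a file deleted later still shows up.
history_hits() {
  # rev-list output is intentionally unquoted: one argument per commit
  git -C "$1" grep -l -F -e "$2" $(git -C "$1" rev-list --all) 2>/dev/null | wc -l
}

# Stand-alone demo run
repo=$(make_demo_repo)
echo "current checkout hits: $(worktree_hits "$repo" EXAMPLE-NOT-A-REAL-KEY)"
echo "full history hits:     $(history_hits "$repo" EXAMPLE-NOT-A-REAL-KEY)"
rm -rf "$repo"
```

The checkout looks clean while the first commit still holds the key, and every clone carries that commit. Treat any secret that reached a pushed commit as exposed and rotate it, in addition to rewriting history.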

How putting credentials in Git can cost you at least $6,500 in just a few hours | Damnhandy
GitHub Privacy 101: How to remove personal emails from your public repos
UKHomeOffice/repo-security-scanner