HackerTrans
TopNewTrendsCommentsPastAskShowJobs

segudev

no profile record

Submissions

[untitled]

1 points·by segudev·hace 2 años·0 comments

[untitled]

1 points·by segudev·hace 2 años·0 comments

[untitled]

1 points·by segudev·hace 3 años·0 comments

Avoiding Secrets Leaks: Practical Tips for SecOps Practitioners

blog.gitguardian.com
2 points·by segudev·hace 3 años·0 comments

[untitled]

1 points·by segudev·hace 3 años·0 comments

Show HN: We've built SaaS-Sentinel, the Downdetector for supply chain breaches

blog.gitguardian.com
7 points·by segudev·hace 3 años·0 comments

Show HN: Honeytoken – give attackers a taste of their own medicine

gitguardian.com
3 points·by segudev·hace 3 años·0 comments

GitHub Exposed a Private SSH Key: What You Need to Know

blog.gitguardian.com
4 points·by segudev·hace 3 años·1 comments

10M Secrets Discovered in GitHub in 2023, Exposed by 1.35M Authors (1 in 10)

gitguardian.com
4 points·by segudev·hace 3 años·0 comments

Top Practices for Secure Software Development

blog.gitguardian.com
1 points·by segudev·hace 3 años·1 comments

Code Confessions: Share Your Hardcoded Secret Horror Stories

shittysecrets.dev
1 points·by segudev·hace 4 años·0 comments

Secrets Horror Stories

shittysecrets.dev
1 points·by segudev·hace 4 años·0 comments

Secrets Management Maturity Model

gitguardian.com
2 points·by segudev·hace 4 años·0 comments

SOPS: A Comprehensive Guide

blog.gitguardian.com
2 points·by segudev·hace 4 años·0 comments

10 Rules for Better Cloud Security

blog.gitguardian.com
1 points·by segudev·hace 4 años·0 comments

Lavarand

en.wikipedia.org
1 points·by segudev·hace 4 años·0 comments

comments

segudev
·hace 3 años·discuss
If the numbers look suspicious to you, I would suggest you check what is found more specifically about your company/organization.

GitGuardian can provide an automatic audit of your company-specific leaks we found on GitHub. Just ask: https://www.gitguardian.com/complimentary-audit-secrets-leak...

More details on how it works: https://blog.gitguardian.com/github-secrets-leak-free-audit/
segudev
·hace 4 años·discuss
I'm afraid I have to disagree. There are so many different needs it is impossible to discredit them so simply. I recommend that readers take inspiration from this model of maturity to see more clearly: https://www.gitguardian.com/files/secrets-management-maturit...
segudev
·hace 4 años·discuss
Unfortunately, it's not as simple as that. Lots of secrets are "generic" (think of a DB user/password combination), meaning that you need to take into account the surrounding source code context to be able to determine if they are a "real" secret.

Here is a full explanation if you are interested: https://blog.gitguardian.com/why-detecting-generic-credentia...
segudev
·hace 4 años·discuss
Indeed, last year we detected on average 84 AWS IAM creds for every 10k commits pushed to GitHub

https://res.cloudinary.com/da8kiytlc/image/upload/v164614852...