item 43866407

Everdred2dx | 10 months ago
How would you scan for your api keys on repos outside of your organization? I assumed this was a dev’s personal repo.

kalkin|10 months ago
https://docs.github.com/en/code-security/secret-scanning/sec... is one option

Everdred2dx|10 months ago
Neat. Thanks!

squigz|10 months ago
Well 1 option is the service from TFA. https://www.gitguardian.com/monitor-internal-repositories-fo...

mcdwayne|10 months ago
This was on public GitHub, which anyone can scan for anything. Their API is a firehose you can consume: https://api.github.com/events

GitGuardian's public report on secrets sprawl talks about their methodology of scanning any commit https://www.gitguardian.com/state-of-secrets-sprawl-report-2...

romellem|10 months ago
The company I work for does this. I recently pushed an update to a personal repo that just contained a keyword match (the push included a dictionary.txt file which happened to include the company name) which flagged a review.