Hacker News | segudev's comments

If the numbers look suspicious to you, I would suggest you check what is found more specifically about your company/organization.

GitGuardian can provide an automatic audit of your company-specific leaks we found on GitHub. Just ask: https://www.gitguardian.com/complimentary-audit-secrets-leak...

More details on how it works: https://blog.gitguardian.com/github-secrets-leak-free-audit/


I'm afraid I have to disagree. There are so many different needs it is impossible to discredit them so simply. I recommend that readers take inspiration from this model of maturity to see more clearly: https://www.gitguardian.com/files/secrets-management-maturit...


Unfortunately, it's not as simple as that. Lots of secrets are "generic" (think of a DB user/password combination), meaning that you need to take into account the surrounding source code context to be able to determine if they are a "real" secret.

Here is a full explanation if you are interested: https://blog.gitguardian.com/why-detecting-generic-credentia...


Indeed, last year we detected on average 84 AWS IAM creds for every 10k commits pushed to GitHub.

https://res.cloudinary.com/da8kiytlc/image/upload/v164614852...

