GitGuardian Reports Careless Handling of Application Secrets

Source: https://devops.com/

A new report, the 2021 State of Secrets Sprawl on GitHub, published today by GitGuardian, a provider of a tool for monitoring usage of application secrets, suggests developers are not especially good at keeping those secrets safe. Based on an analysis of every single commit made to GitHub, the report finds there has been a 20% year-over-year increase in the number of secrets – such as application programming interface (API) keys, private keys, certificates, usernames and passwords – discovered


Experiment reveals differences in secret leak detection on Git code repositories

Source: https://portswigger.net

A new experiment by a Polish security researcher offers a fresh perspective on the well-understood but still all too common problem of developers accidentally publishing secrets to code repositories. Andrzej Dyjak recently ran an experiment to see how long it took before a secret committed to a public repository (such as API or cryptographic keys) was exploited. An AWS key generated using the Thinkst Canary digital tripwire service was first compromised after 11 minutes when posted to GitHub,
