GitGuardian launched a free tool called ‘HasMySecretLeaked’ to help security engineers proactively check whether their organization’s confidential information has been exposed on GitHub.com.
This tool addresses the problem of safeguarding secrets in cloud-native application development, where organizations struggle with secrets spreading across developer tools. According to the company, these secrets are also prone to being leaked, especially during off-hours, and might end up in personal GitHub repositories outside the organization’s reach.
“HasMySecretLeaked” is a private database with over 20 million records of hashed secrets leaked in public sources, including GitHub.com. Users can query the database by submitting a hashed version of their secret in the search console, and GitGuardian will look for exact matches without revealing any other secrets or their locations.
“Figuring out whether or not your ‘vaulted’ secrets have leaked publicly is only one API call away. We constructed a privacy-safe and secure process that returns an unequivocal answer to the essential question: Has my secret leaked?” said Eric Fourrier, co-founder and CEO of GitGuardian.
Starting today, GitGuardian users can use the ‘HasMySecretLeaked’ tool directly through the ggshield command-line interface. Additionally, ggshield has plugins for retrieving secrets from tools like HashiCorp Vault and AWS Secrets Manager, allowing users to check them for leaks in local environments.
This feature is also integrated into the GitGuardian Platform, which notifies security teams if hardcoded secrets in organization-owned repositories, Slack workspaces, or Jira projects are unintentionally exposed in public sources beyond the organization’s control or visibility.
GitGuardian actively scans every public commit on GitHub to identify potential leaks of sensitive information, such as API keys, database access credentials, and developer secrets. In 2020, it detected 3 million exposed secrets, and this number increased to 6 million in 2021, with a jump to 10 million in 2022.