You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A lot of Github users of large open source projects accidentally commit their GitHub credentials even when tools such as shhgit are being used at an alarming rate.
Although shhgit scans file systems and git repos as far as I am aware it doesn't currently scan commit metadata for passwords.
Recently this has been published:
https://www.notgitbleed.com/
A lot of Github users of large open source projects accidentally commit their GitHub credentials even when tools such as shhgit are being used at an alarming rate.
Since this work has been published we have worked with GitHub to mitigate this on GitHub and they have built a scanning tool:
https://github.blog/changelog/2022-04-11-secret-scanning-detects-and-revokes-leaked-passwords/
It would be great to confirm that shhgit doesn't currently scan git commit metadata and to find out if this is something you can support in future.
The text was updated successfully, but these errors were encountered: