GitGuardian: Secrets in the Source Code Need Protection

Every day, more than 10,000 secrets a.k.a. digital authentication credentials, are exposed in GitHub repositories. Leaving secrets in source code gives attackers easy access to an organisation’s IT systems. Even worse, an organisation may never know they were there – or how they got in.

Your organisation's secrets need to be kept out of source code for their protection. Digital authentication credentials give your developers access to cloud infrastructure, third-party APIs, databases, payment providers, and pretty much every component needed to build and run modern applications. As such, while they are wholly necessary to development and operations, secrets are highly susceptible to compromise due to the power they hold. 

 Unprotected secrets in the source code are exposed daily

Keeping secrets out of the source code is essential for any business. In this podcast, Richard Stiennon, Chief Research Analyst at IT-Harvest, joins Mackenzie Jackson, Developer Advocate at GitGuardian, to explore Secrets Sprawl or the phenomenon of (unwanted) secrets distribution across Git repositories and DevOps tools.

 This conversation covers:

• Defining secrets: why organisations need to protect them and how they are so easily exposed

• How Git repositories work and how secrets in both public and private repositories are at risk

• How 'bad actors' locate these secrets and how easy it is for them to exploit them

• Ways in which organisations can regain control of these issues at scale thanks to automated secrets detection and remediation