Sahwa@reddthat.comcake to Technology@lemmy.worldEnglish · 2 months ago‘The Worst Leak That I’ve Witnessed’: U.S. Cybersecurity Agency Leaves Its Digital Keys Out in Public on GitHubgizmodo.comexternal-linkmessage-square100linkfedilinkarrow-up1818arrow-down14cross-posted to: cybersecurity@sh.itjust.workshackernews@lemmy.bestiver.sepulse_of_truth@infosec.pub
arrow-up1814arrow-down1external-link‘The Worst Leak That I’ve Witnessed’: U.S. Cybersecurity Agency Leaves Its Digital Keys Out in Public on GitHubgizmodo.comSahwa@reddthat.comcake to Technology@lemmy.worldEnglish · 2 months agomessage-square100linkfedilinkcross-posted to: cybersecurity@sh.itjust.workshackernews@lemmy.bestiver.sepulse_of_truth@infosec.pub
minus-squarenymnympseudonym@piefed.sociallinkfedilinkEnglisharrow-up7·2 months agoYou know what’s ironic? FedRAMP rules dictate that Thou Must Scan Thy Repos for Secrets (tokens, passwords, etc) GitHub, ButrBucket, etc all have this out of the box for enterprise customers https://support.atlassian.com/bitbucket-data-center/kb/how-to-scan-for-and-remove-passwords-or-secrets-in-bitbucket-server-repositories/
You know what’s ironic? FedRAMP rules dictate that Thou Must Scan Thy Repos for Secrets (tokens, passwords, etc)
GitHub, ButrBucket, etc all have this out of the box for enterprise customers
https://support.atlassian.com/bitbucket-data-center/kb/how-to-scan-for-and-remove-passwords-or-secrets-in-bitbucket-server-repositories/