Bleeping Computer

GitHub now scans for accidentally-exposed PyPI, RubyGems secrets

GitHub has recently expanded its secrets scanning capabilities to repositories containing PyPI and RubyGems registry secrets. The move helps protect millions of applications built by Ruby and Python ...
TechRepublic

GitHub offers secret scanning for free

The open source software development service has made it easier for developers using its public repositories to keep coding secrets and tokens close to the chest. Image: prima91/Adobe Stock ...
Hackaday

TruffleHog Sniffs Github For Secret Keys

Secret keys are quite literally the key to security in software development. If a malicious actor gains access to the keys securing your data, you’re toast. The problem is, to use keys, you’ve got to ...
CSOonline

GitHub secrets: Deleted files still pose risks

Deleted files within public GitHub repositories could still be exposing secrets like API keys, tokens, and credentials, if threat actors knew where and how to look. Cybersecurity researcher Sharon ...
heise online

New security features for GitHub to protect secrets

According to GitHub, it blocks several secrets such as passwords or API keys that are secured with push protection every minute. Nevertheless, secret leaks remain one of the most common causes of ...
CSOonline

GhostAction campaign steals 3325 secrets in GitHub supply chain attack

GitGuardian has disclosed a new software supply chain attack campaign, dubbed GhostAction, that exfiltrated thousands of sensitive credentials before being detected and contained on September 5. The ...