by Ayesh
2609 days ago
There was a Docker Hub breach a few days ago, that's probably related. I took a good look at how my personal tokens were used in GitHub and GitLab.

- Enable 2FA.
- Enable Commit signing with GPG. For the past 2-3 years, I have slowly moved to sign commits and tags. GPG keys take a lot of hygiene to work with (sub keys, revocation, etc), but they definitely can help in a situation like.

Git is a distributed VCS. If you have a repo cloned in a secure location (your server, Dev machine, etc), that is just as good as your Gitlab/hub hosted copy.