Hacker News
by parineum 33 days ago
Not posting secrets to public GitHub repos doesn't need red teaming.
4 comments
ceejayoz
33 days ago
A red team might well notice that the build process doesn't check for accidentally committed secrets.
jnovek
33 days ago
Storing a bunch of passwords in a plain-text list that an individual can access violates zero-trust AND least-privilege, which I think a red team might have some opinions on.
wil421
33 days ago
At my job the commits wouldn’t have even made it to our private GitHub repo. The scanners would’ve rejected it when you tried to push a commit.
They find keys and tokens all the time.
gumby271
33 days ago
And yet, here we are.