parineum 12 hours ago Not posting secrets to public GitHub repos doesn't need red teaming.
ceejayoz 12 hours ago A red team might well notice that the build process doesn't check for accidentally committed secrets.
jnovek 11 hours ago Storing a bunch of passwords in a plain-text list that an individual can access violates zero-trust AND least-privilege which I think a red team might have some opinions on.
wil421 10 hours ago At my job the commits wouldn’t have even made it to our private GitHub repo. The scanners would’ve rejected it when you tried to push a commit. They find keys and tokens all the time.
gumby271 12 hours ago And yet, here we are.