Preface

GitHub is a mecca for programmers, and any code uploaded there is inevitably scanned around the clock by automated bots. Even people with good security awareness occasionally upload sensitive information by accident. With GitGuardian we are notified immediately, so we can deal with the problem and stop the bleeding in time.

Introduction

Countless attackers use automated scripts to scan GitHub for leaked secrets, then use them to steal data, steal credit card details, access databases directly, plant cryptocurrency-mining code, or add backdoors.

GitGuardian is the first real-time, automatic scanning platform for open source code. It automatically alerts us when we push sensitive material to a public project, for example by email.

"The first platform scanning all GitHub public activity in real time for API secret tokens, database credentials or vault keys. Be alerted in seconds. Integrate in minutes."

It also provides a number of APIs for alerting users to problems, but the free version only sends emails.

Of course, you can also set multiple email addresses.

With that in mind, you can feed those alert emails into IFTTT to trigger further actions.
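To make concrete what "scanning for API secret tokens, database credentials or vault keys" looks like in practice, here is a small added example of the same kind of detection logic run over a constructed commit; it is not GitGuardian's code or its rule set, and the patterns, the Finding type and the sample values are assumptions for illustration only.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Illustrative secret formats (assumed, not GitGuardian's own rules):
# AWS access key IDs, GitHub personal access tokens, PEM private key
# headers, and database URLs that embed a password.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"),
    "database_url_with_password": re.compile(
        r"\b(?:postgres|mysql|mongodb)://[^\s:/]+:[^\s@]+@"),
}

@dataclass
class Finding:
    line_no: int
    kind: str
    redacted: str  # matched value with most characters masked

def redact(value: str) -> str:
    """Keep a short prefix so the alert is recognisable without re-leaking the secret."""
    keep = min(4, len(value))
    return value[:keep] + "*" * (len(value) - keep)

def scan_text(text: str) -> list[Finding]:
    """Run every pattern over every line and return one Finding per match."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in SECRET_PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append(Finding(line_no, kind, redact(match.group(0))))
    return findings

# Constructed sample of a settings file someone might push by mistake.
# The values only follow the formats above; none is a real credential.
SAMPLE_COMMIT = "\n".join([
    "# settings.py",
    'AWS_ACCESS_KEY_ID = "AKIAEXAMPLEEXAMPLE00"',
    'DATABASE_URL = "postgres://app:s3cretpass@db.internal:5432/app"',
    "DEBUG = True",
    'GITHUB_TOKEN = "ghp_' + "A" * 36 + '"',
    "-----BEGIN RSA PRIVATE KEY-----",
])

if __name__ == "__main__":
    for f in scan_text(SAMPLE_COMMIT):
        print(f"line {f.line_no}: {f.kind} -> {f.redacted}")
```

Each finding reports only a masked prefix, which is the same idea behind an alert email that tells you what leaked without repeating it.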

Statistics

Number of security risks

In the week leading up to September 8, 2018, it scanned more than two million lines of code per day and discovered more than 40 leaked keys per hour.

Number of emails sent

So far, GitGuardian has sent out more than 100,000 emails warning of security problems.

How to use it

  1. Visit the GitGuardian website

  2. Click SIGN IN WITH GITHUB in the upper right corner

  3. Click the Authorization button

Once the authorization succeeds, you will receive an authorization notification email from GitHub.

If you no longer need the service, you can revoke the authorization at any time.

Afterword

As a front-end engineer who loves open source projects, I inevitably write a lot of code and upload it to GitHub. To prevent this kind of sensitive-information exposure, in addition to setting up automatic notifications, you also need to avoid committing such information to GitHub in the first place. In a future post we'll talk about how to start by checking code before it is submitted.