Discover and read the best of Twitter Threads about #productsecurity


How do we monitor secrets committed to our self-hosted @gitlab instance in real time?

(Twitter thread which summarises multiple experiments)

#ProductSecurity #gitlab #security
Use pre-commit / pre-receive / post-receive git hooks?

Pre-commit: scan for secrets before the commit. Prevents devs from committing secrets.

Problem: requires access to dev laptops (privacy issue?). Hard to manage regexes on their laptops. Harder in a company hiring lots of devs.
Pre-receive: scan for secrets before commits are saved in GitLab. If secrets are found, reject. Easy to manage server controls.

Problem: if a person commits a secret to code, the server rejects the push. The person requires (advanced) git skills to remove the secret from the git history.
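To make the pre-receive option from the thread concrete, here is an added example of a minimal server-side hook; it is hypothetical and not code from the thread author or from GitLab. It assumes a GitLab custom_hooks/pre-receive location, constructed secret patterns that you would tune for your environment, and GitLab's behaviour of relaying hook output prefixed with GL-HOOK-ERR: back to the pusher.

```sh
#!/bin/sh
# Hypothetical pre-receive hook for a self-hosted GitLab (added example).
# Install as custom_hooks/pre-receive on the server. It scans only lines
# ADDED by the pushed commits and rejects the whole push on a hit.

# Constructed patterns: AWS access key ids, PEM private-key headers and
# generic "<x>_key = <long token>" assignments (".?" allows an optional quote).
SECRET_RE='AKIA[0-9A-Z]{16}|-----BEGIN [A-Z ]*PRIVATE KEY-----|(api|secret|access)_?(key|token)[[:space:]]*[:=][[:space:]]*.?[A-Za-z0-9/+_=-]{16,}'

# find_secrets: reads a unified diff on stdin and prints added lines that look
# like secrets ("+++" file headers are skipped). Exit 0 = hit, 1 = clean.
find_secrets() {
    grep -E '^[+][^+]' | sed 's/^+//' | grep -E "$SECRET_RE"
}

# check_push: scan every commit reachable from the pushed tip that is not yet
# reachable from an existing ref, so new branches and force-pushes are covered.
check_push() {
    new=$1; ref=$2
    if hits=$(git log -p --format= "$new" --not --all | find_secrets); then
        echo "GL-HOOK-ERR: push to $ref rejected, secret-like content found:" >&2
        echo "$hits" | cut -c1-80 >&2
        return 1
    fi
    return 0
}

# Hook entry point: GitLab feeds "<old-sha> <new-sha> <refname>" per ref on
# stdin. Guarded by script name so the functions can be sourced and tested.
case "$0" in
    */pre-receive)
        status=0
        while read -r old new ref; do
            check_push "$new" "$ref" || status=1
        done
        exit $status
        ;;
esac
```

Because the hook only looks at added lines, a secret that is already in history is not re-flagged on every push; the developer still has to rewrite history to remove it, which is exactly the skills problem the thread points out.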