parineum 4 hours ago
Not posting secrets to public GitHub repos doesn't need red teaming.
wil421 2 hours ago
At my job the commits wouldn’t have even made it to our private GitHub repo. The scanners would’ve rejected it when you tried to push a commit. They find keys and tokens all the time.
jnovek 3 hours ago
Storing a bunch of passwords in a plain-text list that an individual can access violates zero-trust AND least-privilege, which I think a red team might have some opinions on.
ceejayoz 4 hours ago
A red team might well notice that the build process doesn't check for accidentally committed secrets.
gumby271 4 hours ago
And yet, here we are.