Truffle Security Releases Force Push Scanner to Detect Secrets in GitHub Commits
By mmcclure
10mo ago · 8 min read · News
Summary
The article introduces the Force Push Scanner, a tool developed by Truffle Security to detect secrets in dangling commits on GitHub that remain exposed after force push operations. It builds on previous research and explains how the tool operates at scale, analyzing years of GitHub activity to uncover sensitive data.
Key quotes
Building on Truffle Security’s research into Deleted Data on GitHub from last summer and new research analyzing years of GH Archive data, we’ve developed the Force Push Scanner.
The Force Push Scanner scans for secrets in dangling commits on GitHub exposed by force pushes.
We explore how it operates at scale across years of GitHub activity, and reveal how many sensitive commits are still floating in the public domain.
The new Force Push Scanner tool scans for secrets in dangling commits on GitHub that remain exposed after certain force push operations.