
How to Scan Force Pushed Commits for Secrets


The new Force Push Scanner tool scans for secrets in dangling commits on GitHub that remain exposed after certain force push operations.

This implies tens of millions of dangling commits are still accessible on GitHub. The volume of unintentionally retained historical data represents a severe and underappreciated security exposure across open-source projects.

*Unique means we deduplicated dangling commits within repositories, so that multiple force push events from a single repo don't inflate the results.

Use what you find not just to address past exposures, but to champion the preventative guardrails, like pre-commit hooks and CI pipeline checks, that stop secrets from becoming a permanent part of your repository's hidden history in the first place.
