I scanned all of GitHub's "oops commits" for leaked secrets
GitHub Archive logs every public commit, even the ones developers try to delete. Force pushes often cover up mistakes like leaked credentials by rewriting Git history. GitHub keeps these dangling commits, from what we can tell, forever. In the archive, they show up as “zero-commit” PushEvents.

After the post, I had several conversations with various people, including Dylan, the CEO of Truffle Security, who gave me some intriguing ideas for continuing to explore new methods for large-scale secret hunting. Luckily for us, a great developer named Ilya Grigorik decided many years ago to start a project that listens to GitHub's event stream and systematically archives it. There was no need to build that part ourselves, because together with Truffle Security's Research team, we're open-sourcing a new tool to search the entire GH Archive for "Oops Commits" made by your GitHub organization or user account.
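To make the "zero-commit PushEvent" signal concrete, here is an added example (not the open-sourced tool's code) that scans GH Archive newline-delimited JSON for force pushes against your own organization and reports the old tip (`before`) that may still be fetchable. It assumes the PushEvent payload carries `size`, `before`, `head` and `commits` as in GitHub's event format; the sample events are constructed.

```python
import json

# Constructed sample records in GH Archive shape (one JSON event per line).
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    {"type": "PushEvent", "actor": {"login": "alice"},
     "repo": {"name": "example-org/app"}, "created_at": "2024-01-02T03:04:05Z",
     "payload": {"ref": "refs/heads/main", "size": 1, "before": "a" * 40,
                 "head": "b" * 40, "commits": [{"sha": "b" * 40}]}},
    # Force push: the ref moved but no new commits were pushed.
    {"type": "PushEvent", "actor": {"login": "alice"},
     "repo": {"name": "example-org/app"}, "created_at": "2024-01-02T03:09:00Z",
     "payload": {"ref": "refs/heads/main", "size": 0, "before": "b" * 40,
                 "head": "c" * 40, "commits": []}},
    {"type": "IssuesEvent", "repo": {"name": "example-org/app"}, "payload": {}},
    # Same pattern in another org: outside our audit scope.
    {"type": "PushEvent", "actor": {"login": "bob"},
     "repo": {"name": "other-org/lib"}, "created_at": "2024-01-03T00:00:00Z",
     "payload": {"ref": "refs/heads/dev", "size": 0, "before": "d" * 40,
                 "head": "e" * 40, "commits": []}},
])


def find_oops_commits(ndjson_text, org):
    """Return zero-commit pushes (history rewrites) for repos owned by `org`.

    Each hit's `before` SHA is the tip that was overwritten; it is the commit
    to fetch and run through a secret scanner when auditing your own org.
    """
    hits = []
    for line in ndjson_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("type") != "PushEvent":
            continue
        repo = ev["repo"]["name"]
        if repo.split("/", 1)[0].lower() != org.lower():
            continue
        p = ev.get("payload", {})
        before, head = p.get("before", ""), p.get("head", "")
        # Zero commits pushed yet the ref moved: the branch was rewritten.
        if p.get("size", len(p.get("commits", []))) != 0 or before == head:
            continue
        if set(before) == {"0"}:  # all-zero before = new ref, not a rewrite
            continue
        hits.append({"repo": repo, "ref": p.get("ref"), "actor": ev["actor"]["login"],
                     "created_at": ev["created_at"], "before": before, "head": head})
    return hits
```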
