#GitSecurity

@hendryadrian.bsky.social

2 days ago

Hardcoded Secrets in AI-Generated Code: Catch Them Before Git Does AI coding models frequently insert hardcoded credentials into generated code because they learned "working" patterns from public repositories, which puts secrets into source files, git history, and client-side bundles. Prevent with a fast pre-commit scanner and deep-history verification—Gitleaks blocks commits while TruffleHog scans history and verifies live credentials to prioritize rotation. #Gitleaks #TruffleHog

AI coding models often embed hardcoded credentials from training on public repos, exposing secrets in source files and git history. Tools like Gitleaks and TruffleHog help detect and manage these risks. #GitSecurity #SecretManagement #USA

0 0 0 0

Offensive Sequence

@offseq.bsky.social

1 month ago

CVE-2026-30832: CWE-918: Server-Side Request Forgery (SSRF) in charmbracelet sof The vulnerability CVE-2026-30832 affects charmbracelet's soft-serve, a self-hosted Git server designed for command-line use. Versions from 0.6.0 to before 0.11.4 contain a Server-Side Request Forgery (SSRF) flaw categorized under CWE-918. A

CRITICAL: SSRF in charmbracelet soft-serve (0.6.0 – 0.11.4) lets SSH users access internal services via crafted LFS endpoints. Upgrade to 0.11.4+ now! radar.offseq.com/threat/cve-2026-30832-cw... #OffSeq #SSRF #GitSecurity

0 0 0 0

roxsross

@roxsross.bsky.social

2 months ago

🔧 Configuración Errónea en Webhooks de AWS CodeBuild Puso en Riesgo Accesos de Admin

AWS corrigió fallos en filtros de webhooks que podían permitir acceso no autorizado

devops.com/aws-codebuild-webhook-mi...

#CodeBuild #CI_CD #GitSecurity #RoxsRoss

1 1 0 0

CyberMaterial

@cybermaterial.bsky.social

2 months ago

Target Dev Server Offline After Hack
Read More: buff.ly/9lAkaT2

#TargetBreach #SourceCodeLeak #DevSecOps #GitSecurity #RepoExposure #SupplyChainRisk #CorporateEspionage #IncidentResponse #DataExtortion

0 0 0 0

Mark Jack

@markjackmilian.bsky.social

3 months ago

Learn how to effectively use Git push protection to remove secrets from your codebase the right way! Enhance security on Azure Active Directory with key strategies. #Cybersecurity #GitSecurity

0 0 0 0

Tom Smith

@ctsmithiii.bsky.social

5 months ago

Git Services Need Better Security. Here's How End-to-End Encryption Could Help - DevOps.com New research shows how Git services can implement efficient end-to-end encryption without sacrificing performance or compatibility.

devops.com/git-services-need-better-security-heres-how-end-to-end-encryption-could-help/ #DevOps #GitSecurity #CyberSecurity #DevSecOps #GitHub

1 0 1 0

FreelanceBar.me

@freelancebarme.bsky.social

8 months ago

Git security vulnerabilities announced Today, the Git project released new versions to address seven security vulnerabilities that affect all prior versions of Git.

New security updates for Git address seven vulnerabilities in all previous versions. Stay protected and update now. #GitSecurity #VulnerabilityFixed github.blog/open-source/git/git-secu...

0 0 0 0

Hacker News Companion

@hncompanion.com

8 months ago

Git vulnerability found: RCE during clone via malicious submodules. Issue: Git mishandles carriage returns in paths, leading to writing data to unintended locations and enabling malicious hook execution. #GitSecurity 1/6

0 0 1 0