Private-ish GitHub repos - Tyler Cipriani

submitted by
Style Pass
2023-03-31 23:30:03

And GitLab has had at least three incidents matching the search “GitLab+Private repos” in the Common Vulnerabilities and Exposures (CVE) database (1, 2, 3).

Given that there is little you can do to defend against some of the (admittedly unlikely, though not unprecedented) problems with forges, the best thing you can do is to avoid putting sensitive information into private repositories in the first place.

You can set a policy and ensure developers run a secret scanner as a pre-commit git hook, and inject secrets into your application at runtime rather than committing them.
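Both halves of that advice, as an added example that is not from the original post: a minimal pre-commit hook that scans only the lines a commit adds for a handful of well-known secret shapes, and a small helper an application can use to fail fast when a secret it expects from the environment was never injected. The patterns, the `DB_PASSWORD` variable name and the sample strings are constructed for illustration; a real deployment would use a maintained scanner with a far larger rule set.

```shell
#!/bin/sh
# Added example (not code from the original post).
# Install as .git/hooks/pre-commit (and chmod +x) to block commits whose
# added lines look like credentials. The pattern list is deliberately small
# and illustrative; it is not a complete secret scanner.

# scan_text TEXT: print every line of TEXT that matches a secret pattern.
# Returns 1 when something matched (the commit should be blocked), 0 otherwise.
scan_text() {
  printf '%s\n' "$1" | grep -E -n \
    -e 'AKIA[0-9A-Z]{16}' \
    -e 'ghp_[A-Za-z0-9]{36}' \
    -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' \
    -e "(password|secret|api[_-]?key)[[:space:]]*[=:][[:space:]]*[\"'][^\"']{8,}" \
    && return 1
  return 0
}

# check_staged: run scan_text over the '+' lines of the staged diff only,
# so pre-existing text in the repository does not trigger the hook.
check_staged() {
  added=$(git diff --cached -U0 --no-color | grep '^+' | grep -v '^+++' | sed 's/^+//' || true)
  if ! scan_text "$added"; then
    echo "pre-commit: possible secret in staged changes; commit blocked." >&2
    echo "pre-commit: if this is a false positive, re-run with --no-verify." >&2
    return 1
  fi
  return 0
}

# require_secret NAME: succeed only if environment variable NAME is set and
# non-empty. Call this at startup so a missing runtime-injected secret is a
# loud failure instead of a silent fallback to a value baked into the repo.
require_secret() {
  eval "val=\${$1:-}"
  if [ -z "$val" ]; then
    echo "missing required secret: $1" >&2
    return 1
  fi
  return 0
}

# When git invokes this file as a hook, $0 ends in "pre-commit"; otherwise the
# functions are only defined (so the file can be sourced or tested).
case "$0" in
  */pre-commit) check_staged || exit 1 ;;
esac
```

The hook scans the diff rather than the working tree so that a developer who accidentally stages a key sees the block immediately, while the same repository's existing files are left to a separate history scan. `require_secret` is the runtime counterpart: the application reads `DB_PASSWORD` (constructed name) from its environment and refuses to start without it, which removes the temptation to keep a "default" password in a config file under version control.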
