Top 5 Git Security Mistakes

Necessity is often referred to as the mother of invention. So when you happen to be Linus Torvalds, a little bit of frustration can go a long way in creating something that leaves a lasting impact. 

Back in 2005, Torvalds was unsatisfied with the source control management (SCM) tools at his disposal. He complained that it simply took too long to apply patches and update the associated metadata, factors he knew could slow down the development of his Linux kernel.

With no other good free options available, Torvalds got to work on creating his own distributed source control system, eventually creating Git. In the years since then, Git has become the standard for how teams share and collaborate on code and a primary driver of the open source ecosystem. Companies offering Git solutions like GitHub and GitLab have grown to become valuable companies and essential platforms for developers. 

Git Security: Getting it Right 

However, despite its widespread use, many are still making critical mistakes in how they use Git and compromising their security.   

In hopes of learning from the mistakes of others and not making them ourselves, we have compiled a list of the top 5 Git security mistakes along with some suggestions on how to keep your code and Git repos secure.

#1 Hardcoding Sensitive Data

This Git security fail is always worthy of a hard facepalm but we all have been guilty of it at some point. Hardcoding credentials or encryption keys in code is dangerous due to the fact that we are leaving sensitive info in plain text that is easy to read.

Having a code file on your desktop that holds your encryption key is bad enough but Git adds another layer of risk. When you check-in your code, that plaintext (Read more…)

*** This is a Security Bloggers Network syndicated blog from Blog – WhiteSource authored by Patricia Johnson. Read the original post at: