GitLab, the hugely popular devops platform, today announced the introduction of secrets detection with version 11.9 of the service. This means that should someone inadvertently include an API key or secret in a commit to a shared repository, the service will warn the user. From a security perspective, this is a huge advantage. API secrets are supposed to be that – secret. If they fall into the wrong hands, an attacker could use them to gain third party services at the developer’s expense. AWS keys, for example, can be weaponized to spin up hundreds of hugely expensive instances, which can…
This story continues at The Next Web
GitLab now automatically warns against merging API keys into your codebase
Source: The Next Web
