Technology Radar
Published: Oct 26, 2022
NOT ON THE CURRENT EDITION
This blip is not on the current edition of the Radar. If it was on one of the last few editions, it is likely that it is still relevant. If the blip is older, it might no longer be relevant and our assessment might be different today. Unfortunately, we simply don't have the bandwidth to continuously review blips from previous editions of the Radar.
Oct 2022
Assess
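Accidentally leaking secrets seems to be a perennial problem, and tools such as Talisman have emerged to help address it. Previously, GitHub Enterprise Cloud users with an Advanced Security license could enable security scanning on their accounts, and any secrets (API keys, access tokens, credentials, and so on) that were accidentally committed and pushed would trigger an alert. GitHub push protection goes one step further and moves the check earlier in the development workflow: if secrets are detected in changes as they are pushed, the push is rejected outright. This needs to be configured for the organization and, of course, applies only to license holders, but additional protection against leaking secrets is welcome.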