Toyota Accidentally Exposed a Secret Key Publicly on GitHub for Five Years

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • ggshield

    Find and fix 400+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.

    You can definitely use pre commit hooks for this like the one of ggshield https://github.com/GitGuardian/ggshield - remediation is far quicker when the secret doesn't make it to the codebase!

  • gitleaks

    Protect and discover secrets using Gitleaks 🔑

    Good reminder to run Gitleaks[1] or Gitleaks-Action[2] on your repos

    [1] https://github.com/zricethezav/gitleaks

    [2] https://gitleaks.io/products

  • tartufo

    Searches through git repositories for high entropy strings and secrets, digging deep into commit history

    You could set up something like https://github.com/godaddy/tartufo in a pre-commit hook. Not sure if github has a way to hook into the push hooks on server side, they might though.

  • detect-secrets

    An enterprise friendly way of detecting and preventing secrets in code.

    Yelp has a "detect-secrets" project that can detect potential secrets and can be used as a pre-commit hook: https://github.com/Yelp/detect-secrets

  • trufflehog

    Find, verify, and analyze leaked credentials

    There is software like Trufflehog ( https://github.com/trufflesecurity/trufflehog ) that finds secrets. We are using it at organizational level, but there's always some delay from finding something and getting it reported. I've been meaning to add it both to our CI so our team can notice right away, and even to Git push hooks, to catch these cases early.

  • git-secrets

    Prevents you from committing secrets and credentials into git repositories

    I worked for a big startup last year and was on a contract deadline for integrating a vendor framework into a React Native app.

    It was taking too long to get a new temp demo license key and GitHub search with clever filters helped me track down a demo key that was recently uploaded to a test repo.

    This is also why I use git-secrets in my repos.

    https://github.com/awslabs/git-secrets

  • aws-sdk-for-php

    Discontinued (DEPRECATED) AWS SDK for PHP - Version 1. Version 3 is the latest:

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Related posts

  • My boss keeps committing his creds into git

    6 projects | /r/devops | 24 May 2023
  • GitHub Access Token Exposure

    6 projects | news.ycombinator.com | 20 Nov 2022
  • Thinking Like a Hacker: AWS Keys in Private Repos

    3 projects | dev.to | 26 Oct 2022
  • Gitleaks – Protect and Discover Secrets

    1 project | news.ycombinator.com | 8 Sep 2024
  • Gitleaks: Find forgotten codes in your repositories

    2 projects | dev.to | 13 Jul 2024