SourceClear Open Sources Tool That Identifies Potentially Hazardous Commits
Monday, June 13, 2016
SourceClear has open-sourced its Commit Watcher tool, which identifies accidental disclosures of sensitive information (SSH keys, AWS credentials, etc.) and security patches for vulnerabilities that are not explicitly disclosed.
In a blog post, the company commented, “We initially built Commit Watcher to discover these undisclosed (but public) security patches, which are fed into the Source Clear Registry once they have been verified. When we added the ability to find accidentally disclosed secrets in projects, we realized how valuable this tool can be for every company releasing open source software. Companies can watch their own projects, public and private, for accidental disclosures, and take remedial action as soon as possible.”
Commit Watcher ships with dozens of rules to find commits containing credentials for services like Amazon Web Services and Salesforce, as well as SSH keys, API tokens, database dump files, and more. The tool also looks for commits and commit messages that contain keywords that are often associated with security vulnerabilities.
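The rule-based approach described above can be sketched as follows. This is an added example, not Commit Watcher's code or rule set: the rule names, patterns, keyword list and sample commit are assumptions chosen for illustration, and the diff is expected in git's unified format.

```python
import re

# Illustrative rules (assumptions, not Commit Watcher's shipped rule set).
# Scope "diff" is matched against added lines, "message" against the commit message.
RULES = [
    ("aws_access_key_id", "diff", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("private_key_block", "diff",
     re.compile(r"-----BEGIN (?:RSA |DSA |EC |OPENSSH )?PRIVATE KEY-----")),
    ("security_keyword", "message", re.compile(
        r"\b(?:CVE-\d{4}-\d{4,}|XSS|CSRF|SQL injection|vulnerab\w+|security fix)\b", re.I)),
]

def added_lines(diff_text):
    """Yield (path, text) for each line a git-format unified diff adds."""
    path, in_hunk = None, False
    for line in diff_text.splitlines():
        if line.startswith("diff --git "):
            in_hunk = False                      # new file section, headers follow
        elif not in_hunk and line.startswith("+++ "):
            path = line[4:]
            path = path[2:] if path.startswith("b/") else path
        elif line.startswith("@@"):
            in_hunk = True
        elif in_hunk and line.startswith("+"):
            yield path, line[1:]                 # removed and context lines are ignored

def scan_commit(message, diff_text):
    """Return sorted (rule_name, location) findings for one commit."""
    findings = set()
    for name, scope, pattern in RULES:
        if scope == "message" and pattern.search(message):
            findings.add((name, "commit message"))
    for path, text in added_lines(diff_text):
        for name, scope, pattern in RULES:
            if scope == "diff" and pattern.search(text):
                findings.add((name, path))
    return sorted(findings)

# Constructed sample commit; the key ID is AWS's documented example value.
SAMPLE_DIFF = """\
diff --git a/config/deploy.py b/config/deploy.py
--- a/config/deploy.py
+++ b/config/deploy.py
@@ -1,3 +1,3 @@
 REGION = "us-east-1"
-AWS_KEY = os.environ["AWS_KEY"]
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
 BUCKET = "builds"
"""

if __name__ == "__main__":
    for finding in scan_commit("Fix XSS in deploy status page", SAMPLE_DIFF):
        print(finding)
```

Only added lines are scanned, so a commit that removes a hard-coded key is not flagged; the commit that introduced it is the one to remediate, since the secret stays in history until it is rotated.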