SourceClear Open Sources Tool That Identifies Potentially Hazardous Commits
Stuart Parkerson in Security, Monday, June 13, 2016

SourceClear has open sourced its Commit Watcher tool, which identifies accidental disclosure of sensitive information (SSH keys, AWS credentials, etc.) and security patches for vulnerabilities that are not explicitly disclosed.
In a blog post the company commented, “We initially built Commit Watcher to discover these undisclosed (but public) security patches, which are fed into the Source Clear Registry once they have been verified. When we added the ability to find accidentally disclosed secrets in projects, we realized how valuable this tool can be for every company releasing open source software. Companies can watch their own projects, public and private, for accidental disclosures, and take remedial action as soon as possible.”
Commit Watcher ships with dozens of rules to find commits containing credentials for services like Amazon Web Services and Salesforce, as well as SSH keys, API tokens, database dump files, and more. The platform also looks for commits and commit messages that contain keywords often associated with security vulnerabilities.
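An illustration of the rule-based commit scanning described above, added here and not taken from Commit Watcher or SourceClear. The rule names, regular expressions, keyword list and the `scan_commit` function are assumptions, and the sample commit is constructed.

```python
import re

# Illustrative rules (assumptions), not Commit Watcher's shipped rule set.
CONTENT_RULES = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
# Hypothetical keyword list for commit messages.
MESSAGE_RULE = re.compile(r"\b(?:xss|csrf|sql injection|overflow|vulnerab\w*)\b", re.I)
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


def scan_commit(message, diff):
    """Return (rule, path, detail) findings for one commit in git diff format."""
    findings = []
    hit = MESSAGE_RULE.search(message)
    if hit:
        findings.append(("message_keyword", None, hit.group(0).lower()))
    path, lineno, in_hunk = None, 0, False
    for line in diff.splitlines():
        if line.startswith("diff --git "):         # next file: leave hunk state
            path, in_hunk = None, False
        elif not in_hunk and line.startswith("+++ "):
            path = re.sub(r"^b/", "", line[4:].strip())
        elif (h := HUNK.match(line)):
            lineno, in_hunk = int(h.group(1)), True
        elif in_hunk and line.startswith("+"):     # only added lines are scanned
            for name, rx in CONTENT_RULES.items():
                if rx.search(line[1:]):
                    findings.append((name, path, lineno))
            lineno += 1
        elif in_hunk and line.startswith(" "):     # context advances new-file line
            lineno += 1
    return findings


# Constructed sample commit; the key is AWS's documentation placeholder.
SAMPLE_MESSAGE = "Fix XSS in profile page"
SAMPLE_DIFF = """\
diff --git a/config/deploy.rb b/config/deploy.rb
--- a/config/deploy.rb
+++ b/config/deploy.rb
@@ -10,3 +10,3 @@
 set :region, "us-east-1"
-set :key, ENV["AWS_KEY"]
+set :key, "AKIAIOSFODNN7EXAMPLE"
 set :user, "deploy"
"""

if __name__ == "__main__":
    print(scan_commit(SAMPLE_MESSAGE, SAMPLE_DIFF))
```

Findings carry the new-file line number of the added line, so a reviewer can go straight to the place to rotate the credential and rewrite history.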
Read more: https://github.com/srcclr/commit-watcher/