GitLab now automatically warns against merging API keys into your codebase

GitLab, the hugely popular DevOps platform, today announced secrets detection in version 11.9 of the service. This means that if someone inadvertently includes an API key or other secret in a commit pushed to a shared repository, the service will warn them.

From a security perspective, this is a huge advantage. API secrets are supposed to be exactly that: secret. If they fall into the wrong hands, an attacker can use them to consume third-party services at the developer’s expense.

AWS keys, for example, can be abused to spin up hundreds of hugely expensive instances to mine cryptocurrency. A stolen Twilio API key could be used to call expensive premium-rate phone numbers or broadcast a deluge of SMS spam.

Even if you’re working on a private repository, you still shouldn’t bake API keys into the code. It’s terrible practice: the key ends up in every clone and in the repository’s history, and it is only one fork, permission change or accidental push away from being public.

GitLab’s secret detection is part of its static analysis tooling, SAST (Static Application Security Testing), which is primarily used to check code for other known classes of vulnerability, such as cross-site scripting (XSS) flaws in web applications. Should SAST spot an API key in the changes, it warns you in the merge request, before the commit is merged into the main codebase.

The fact that it warns before the merge, rather than after the fact, is hugely helpful: the secret never reaches the main branch, so the clean-up is confined to the feature branch instead of a history rewrite on a branch everyone has already pulled. One caveat a practitioner would add: the commit has already been pushed to a shared repository, so anyone with access to that branch (and any CI job that ran on it) may have seen the key. The safe course is still to revoke and reissue it rather than treat the warning as a near miss; what the early warning saves is the main branch, the releases built from it, and a much wider audience for the leaked key.
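The check described above, as an added illustration that is not GitLab’s own analyzer: a small Python scanner that walks only the lines a unified diff adds (the part a merge request would bring into the main branch), flags known vendor key formats plus high-entropy “secret = …” assignments, and exits non-zero so a CI job would fail the merge request before the merge. The rule patterns, the entropy threshold and the sample diff are constructed for this example; the AWS credentials in it are the placeholder values from AWS’s own documentation, not live keys.

```python
"""Minimal pre-merge secrets scanner over a unified diff (added example, not GitLab's code).

Scans only the lines a change adds, as a merge-request check would, and reports
known vendor key formats plus high-entropy "secret = ..." assignments. The rule
patterns, entropy threshold and sample diff are assumptions made for this demo.
"""
import math
import re
import sys
from collections import Counter

# Vendor key formats, assumed from the vendors' documented prefixes.
SPECIFIC_RULES = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "stripe_live_secret_key": re.compile(r"\bsk_live_[0-9A-Za-z]{24,}\b"),
    "slack_token": re.compile(r"\bxox[abpr]-[0-9A-Za-z-]{10,}\b"),
}
# Catch-all for "<something>secret<something> = '<long token-ish string>'".
GENERIC_ASSIGNMENT = re.compile(
    r"(?i)(api[_-]?key|secret|token|password)[a-z0-9_]*\s*[:=]\s*['\"]?([A-Za-z0-9/+=_\-]{16,})"
)
HUNK_HEADER = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")
ENTROPY_THRESHOLD = 3.5  # bits/char; tunable assumption that separates placeholders from real keys

# Constructed sample: a developer replaces environment lookups with literal keys.
# The AWS values are the placeholder credentials from AWS's documentation.
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -1,4 +1,7 @@
 import os
-AWS_ACCESS_KEY_ID = os.environ["AWS_ACCESS_KEY_ID"]
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
+STRIPE_SECRET_KEY = "sk_live_CONSTRUCTEDEXAMPLEKEY000"
+TOKEN_PLACEHOLDER = "changeme_changeme_changeme"
 API_KEY = os.environ.get("API_KEY")
 DEBUG = False
"""


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for an empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def _finding(path, line_no, rule, value):
    # Never echo the full secret into CI logs; a prefix and length are enough to locate it.
    return {"file": path, "line": line_no, "rule": rule,
            "prefix": value[:4], "length": len(value)}


def scan_diff(diff_text: str, entropy_threshold: float = ENTROPY_THRESHOLD) -> list:
    """Return findings for secrets in the added lines of a unified diff."""
    findings, path, new_line = [], None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):                 # new-file header: "+++ b/path"
            path = raw[4:]
            path = path[2:] if path.startswith("b/") else path
            continue
        header = HUNK_HEADER.match(raw)
        if header:
            new_line = int(header.group(1))        # first line number on the new-file side
            continue
        if raw.startswith("-"):
            continue                               # removed text (and the "---" header) is not being merged
        if raw.startswith("+"):
            content = raw[1:]
            hits = [(name, rx.search(content)) for name, rx in SPECIFIC_RULES.items()]
            hits = [(name, m) for name, m in hits if m]
            for name, m in hits:
                findings.append(_finding(path, new_line, name, m.group(0)))
            if not hits:                           # fall back to the entropy-gated generic rule
                g = GENERIC_ASSIGNMENT.search(content)
                if g and shannon_entropy(g.group(2)) >= entropy_threshold:
                    findings.append(_finding(path, new_line, "high_entropy_assignment", g.group(2)))
        elif raw and not raw.startswith(" "):
            continue                               # "diff", "index", "\ No newline" metadata
        new_line += 1                              # context and added lines both advance the counter
    return findings


if __name__ == "__main__":
    found = scan_diff(SAMPLE_DIFF)
    for f in found:
        print(f"{f['file']}:{f['line']}: {f['rule']} (starts {f['prefix']!r}, {f['length']} chars)")
    sys.exit(1 if found else 0)                    # non-zero fails the pipeline before the merge
```

Run against the sample, the scanner reports the AWS access key ID and the Stripe key by their known prefixes and the AWS secret access key by entropy alone, while the low-entropy `changeme_changeme_changeme` placeholder passes; the removed `-` line is ignored because it is not what the merge would add. In a real pipeline you would feed it `git diff <target-branch>...HEAD` and let the non-zero exit status block the merge request.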

It’s worth mentioning that GitHub has had a similar feature for a while. Since 2015 it has proactively scanned repositories for leaked OAuth tokens, and in October of last year it extended the service to a broader swathe of tokens, including those from Slack and Stripe. GitHub then notifies these vendors so they can, if the circumstances require it, revoke the token.

Of course, it’s not clear if that’s helping shape user behavior. Stupid is as stupid does, and a recent study from North Carolina State University found as many as 100,000 repositories containing API tokens and cryptographic keys (PDF).

This isn’t the only update to come with GitLab 11.9. The service now offers better, more granular controls when it comes to merging updates. This is helpful for those teams that have naturally grown to the point where a one-size-fits-all approach doesn’t quite work.

GitLab has also open-sourced its ChatOps tool, allowing users of its free and basic self-managed plans to control CI/CD jobs from within messaging apps, like Slack and Mattermost.

This update is available now. And given that everyone’s made this rookie error at some point in their life (no shame), it’s probably for the best.

