Sider Releases ‘Secret Scan’ that Prevents Secret Keys, API Tokens, and Other Credential Information from Entering Your Code

Sider has added a new feature called ‘Secret Scan’, which automatically scans GitHub Pull Requests for secret information such as API secret keys and RSA private keys. The scan runs automatically each time the pull request is updated.

It can also be used with the recently launched branch-wide analysis feature to check for secret information in the repository's current source code. If Sider reports that you have committed code that contains secret information, please disable that secret information as soon as possible.

Example of exposed information found by Secret Scan 

SSH private key and AWS account ID detected by Secret Scan

How to use Secret Scan

To use Secret Scan, enable it from Tools in the repository settings.

Since it is very important to detect security issues, this feature will be enabled in all repositories that use Sider.

Its importance, and why there are no additional charges

There have been many commercial services that perform security checks like these. Many of them could not be integrated with Git; however, a few emerging products support GitHub.

While there are several companies that offer such products, we believe that Sider Secret Scan is the best overall product because of its low price and broad coverage. This feature is available to all Sider users at no extra charge.

Conclusion

Security is very important in software development, and DevSecOps is becoming increasingly important. To prevent security issues during coding, Sider has released the Secret Scan feature, which prevents credentials such as private keys from being included in the source code.

We will continue to provide features necessary for DevSecOps, and we hope you will continue to use our service.

Aki Asahara

CEO of Sider. Aki joined Fixstars in 2008 and served major clients such as the US Air Force, MIT, USC, Toyota, and Hitachi High-Technologies. After his successful tenure, he was appointed CEO of US operations in 2012. He was appointed CEO of Sider in 2019. He holds a Ph.D. in Astrophysics from Kyoto University and is a Certified Scrum Master.
