Sider Releases ‘Secret Scan’ that Prevents Secret Keys, API Tokens, and Other Credential Information from Entering Your Code

Sider has added a new feature called ‘Secret Scan’, which automatically scans GitHub Pull Requests for secret information such as API secret keys and RSA private keys. The scan runs automatically each time the pull request is updated.

It can also be used with the recently launched branch-wide analysis feature to check whether the current repository source code contains secret information. If Sider reports that you have committed code that contains secret information, please disable that secret as soon as possible.

Example of exposed information found by Secret Scan 

SSH private key and AWS account ID detected by Secret Scan

How to use Secret Scan

To use Secret Scan, enable it under Tools in the repository settings.

Since it is very important to detect security issues, this feature will be enabled in all repositories that use Sider.

Its importance, and why there are no additional charges

There have been many commercial services that perform security checks like these. Many of them could not be integrated with Git; however, a few emerging products support GitHub.

While several companies offer such products, we believe that Sider Secret Scan is the best overall product because of its low price and broad coverage. This feature is available to all Sider users at no extra charge.

Conclusion

Security is very important in software development, and DevSecOps is becoming increasingly important. To prevent security issues during coding, Sider has released the Secret Scan feature, which prevents credentials such as private keys from being included in the source code.

We will continue to provide features necessary for DevSecOps, and we hope you will continue to use our service.

Hiroo Kato

Hiroo is responsible for marketing and messaging. He has 15 years of experience in education and tech consulting and joined Sider while pursuing technology ventures in the field of education. Hiroo holds an MA from Oxford University and is a Certified Scrum Product Owner.
