Sider has added a new feature called ‘Secret Scan’, which automatically scans GitHub Pull Requests for secrets such as API secret keys and RSA private keys. The check runs automatically each time the pull request is updated.
It can also be combined with the recently launched branch-wide analysis feature to check whether secrets are present in the current source code of a repository. If Sider reports that you have committed code containing a secret, disable that secret as soon as possible; removing it from the code is not enough, because it remains in the Git history.
[Image: Example of exposed information found by Secret Scan]
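As an added illustration (not Sider's own code; the rules Secret Scan uses are not published on this page), here is a minimal scanner of the same shape: it reads a unified diff, looks only at lines the pull request adds, and flags PEM private-key headers, AWS access key IDs and high-entropy values assigned to key-like names. The diff and every key value in it are constructed for this example; the rule names and the entropy threshold are assumptions.

```python
import math
import re

# Rules of the kind a secret scanner applies: a PEM header for RSA and other private
# keys, the AWS access key ID format, and a generic key-like assignment filtered by
# entropy so that placeholders such as "changeme" are not reported.
SECRET_PATTERNS = {
    "private-key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "generic-api-key": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token)\b\s*[:=]\s*['\"]?([A-Za-z0-9_\-]{20,})"),
}

def shannon_entropy(s: str) -> float:  # bits per character: random keys score high
    return -sum(n/len(s) * math.log2(n/len(s)) for n in (s.count(c) for c in set(s))) if s else 0.0

def scan_diff(diff: str, min_entropy: float = 3.5) -> list[dict]:
    """Report secrets on lines a unified diff *adds*, with new-file line numbers."""
    findings, path, new_line = [], None, None       # new_line is None outside a hunk
    for raw in diff.splitlines():
        if raw.startswith("+++ "):                  # new-file header
            path, new_line = raw[4:].removeprefix("b/"), None
        elif m := re.match(r"^@@ -\d+(?:,\d+)? \+(\d+)", raw):
            new_line = int(m.group(1)) - 1
        elif new_line is None or raw[:1] not in (" ", "+", "-"):
            new_line = None                         # left the hunk body
        elif raw[0] != "-":                         # removed lines never reach the repo
            new_line += 1
            if raw[0] == "+":
                for rule, pat in SECRET_PATTERNS.items():
                    hit = pat.search(raw[1:])
                    if hit and (rule != "generic-api-key"
                                or shannon_entropy(hit.group(1)) >= min_entropy):
                        findings.append({"file": path, "rule": rule, "line": new_line})
    return findings

# Constructed pull-request diff; every key value in it is made up for this example.
SAMPLE_DIFF = """\
+++ b/config.py
@@ -1,3 +1,5 @@
 import os
-API_KEY = os.environ["API_KEY"]
+API_KEY = "k8Fz2qLm9XvT4bRw7yNc1HsJ6pAe0Gd3"
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
 DEBUG = False
+TOKEN = "changeme_changeme_changeme"
+++ b/deploy_key
@@ -0,0 +1 @@
+-----BEGIN RSA PRIVATE KEY-----
"""
```

Running `scan_diff(SAMPLE_DIFF)` reports the hard-coded API key, the AWS key ID and the private key, while the low-entropy placeholder and the removed line are left alone.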
How to use Secret Scan
Secret Scan can be used by enabling it under Tools in the repository settings.
Since detecting security issues is very important, this feature will be enabled in all repositories that use Sider.
Its importance, and why there are no additional charges
There have been many commercial services that perform security checks like these. Many of them could not be integrated with Git; however, a few emerging products now support GitHub.
While several companies offer such products, we believe that Sider Secret Scan is the best overall product because of its low price and broad coverage. This feature is available to all Sider users at no extra charge.
Security is very important in software development, and DevSecOps is becoming increasingly important. To prevent security issues during coding, Sider has released the Secret Scan feature, which prevents credentials such as private keys from being included in the source code.
We will continue to provide features necessary for DevSecOps, and we hope you will continue to use our service.