Secrets, such as keys and passwords, can sometimes make their way into source code. In this video, learn how to continuously scan to prevent leaking secrets.
- [Instructor] With the move to cloud being more popular than ever, keeping our programming secrets is becoming more of a challenge. And I'm not just talking about AWS and Azure, but cloud tools like Bitbucket and GitHub where application code is stored. In this chapter, we'll talk about how we can scan our code for secrets prior to deploy. The idea with secret scanning is to look through all of your code for secrets accidentally hard coded during the development process. AWS keys, passwords, and things like that are most commonly found secrets that have been accidentally exposed publicly. When performing this analysis, don't forget to include your infrastructure as code in the scanning. Many times, cloud keys are stored in the code to make deployments easier and they're never removed. From a process point of view, I normally do this as a pre-commit hook in my job and fail if secrets are found. The right tool has many of the same principles as before, …
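The pre-commit check described in the transcript, sketched as an added example (not the instructor's code or the tool the course goes on to use): a POSIX shell hook that scans only the added lines of the staged diff, infrastructure-as-code files included, and fails the commit on a match. The three patterns and the function names are assumptions chosen for illustration, not a complete rule set.

```shell
#!/bin/sh
# Added example: save as .git/hooks/pre-commit and make it executable.
# Patterns are illustrative assumptions, not a complete secret rule set.

# AWS access key IDs: long-term (AKIA) and temporary (ASIA) prefixes.
AWS_KEY_ID='(AKIA|ASIA)[0-9A-Z]{16}'
# PEM private key headers (RSA, EC, OPENSSH, ...).
PRIVATE_KEY='-----BEGIN [A-Z ]*PRIVATE KEY-----'
# Quoted literal of 8+ characters assigned to a secret-looking name,
# e.g. db_password = "..." in Terraform, YAML or application code.
ASSIGNMENT="(password|passwd|secret|token|api_key)[A-Za-z_]*[\"']?[[:space:]]*[:=][[:space:]]*[\"'][^\"']{8,}[\"']"

# scan_diff: read a unified diff on stdin.
# Returns 0 when no added line looks like a secret, 1 otherwise.
# Offending lines are echoed to stderr so the developer can find them.
scan_diff() {
  # Keep only added lines ("+..."), dropping the "+++ b/path" file headers.
  # Removed lines are ignored: deleting a secret must not block the commit.
  hits=$(grep -E '^\+' | grep -Ev '^\+\+\+ ' |
         grep -E -e "$AWS_KEY_ID" -e "$PRIVATE_KEY" -e "$ASSIGNMENT" || true)
  [ -z "$hits" ] && return 0
  printf '%s\n' "$hits" >&2
  return 1
}

# run_hook: scan everything staged for this commit, whatever the file type.
run_hook() {
  if ! git diff --cached -U0 --no-color | scan_diff; then
    echo "Commit blocked: possible hard-coded secret in staged changes." >&2
    return 1
  fi
}

# Only act when git invokes this file as the pre-commit hook,
# so the functions can also be sourced and exercised on their own.
case "$0" in
  *pre-commit) run_hook || exit 1 ;;
esac
```

A hook like this only covers new commits on machines where it is installed; secrets already in the repository history need a separate full-history scan.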
- What is DevSecOps?
- How application security is different with DevSecOps
- Continuous static and dynamic testing
- Continuously scanning to prevent leaking secrets
- Continuous container security
- Pulling security tools together with the Glue tool