More

aghlabid00x0 · on April 26, 2023

Forest Admin's out-of-the-box admin panel + the convenience of the cloud, this is all developers ever wanted for their internal tools!

aghlabid00x0 · on Feb 16, 2023

To Casablanca, Morocco.

aghlabid00x0 · on Jan 20, 2023

Hey, maybe try running a GitGuardian [1] scan on all those repositories to look for hardcoded secrets. GitGuardian can also test in some cases if the secrets are valid or not, meaning you have to revoke and rotate them asap. I hope this helps.

[1] https://www.gitguardian.com/monitor-internal-repositories-fo...

Disclaimer: I work for GitGuardian.

aghlabid00x0 · on Dec 27, 2022

geez.

polishdude20 · on Dec 27, 2022

Louise

anm89 · on Jan 2, 2023

You are literally asking why we don't say what is literally true and instead we say something that elicits an image by comparison.

That's the answer. Because they choose to use a metaphor instead of speaking literally.

aghlabid00x0 · on Nov 13, 2022

“dark matter” sounds like marketing speak.

aghlabid00x0 · on Oct 27, 2022

well, they haven’t turned my building’s heating on yet.

aghlabid00x0 · on Oct 14, 2022

Here's a checklist [1] (again, from gitguardian) of steps to follow before open-sourcing projects and [2] a guide on how to remediate hardcoded/exposed secrets.

[1] https://blog.gitguardian.com/safely-open-source-software-bes... [2] https://blog.gitguardian.com/leaking-secrets-on-github-what-...

aghlabid00x0 · on Oct 13, 2022

Great idea, but hard to enforce. Just use a scanning CLI like TruffleHog, Gitleaks, or ggshield from GitGuardian to catch all sorts of hardcoded secrets.

aghlabid00x0 · on Oct 13, 2022

GitGuardian actually does this, it monitors an extended perimeter of devs and their personal/open-source repos for corporate secrets or keywords – https://www.gitguardian.com/monitor-public-github-for-secret...

sidewndr46 · on Oct 13, 2022

Yeah, because as an employee what I totally want is my employer to monitor my every digital move outside of work!

elguyosupremo · on Oct 14, 2022

Make a private repo. I wouldn't blame a corp if they tried to scan every public github repo for their API keys, let alone an employee's public account.

aghlabid00x0 · on Oct 13, 2022

In the meantime, try ggshield cli https://github.com/GitGuardian/ggshield

dinvlad · on Oct 13, 2022

Nah thanks, I'm already running Trufflehog for free on all of our multiple orgs' thousands of repos.

I think we would consider GG if its pricing was acceptable for non-profits though.

mcdwayne · on Oct 13, 2022

FYI - GitGuardian is free for individuals and teams smaller than 25

dinvlad · on Oct 13, 2022

As told earlier, we have thousands of repos. And our teams are thousands of users on GH.