Secret Scan automatically scans GitHub Pull Requests for API tokens, RSA private keys, and other credential information to prevent any unintended exposure.
NEWPORT BEACH, CALIFORNIA, UNITED STATES, July 26, 2021 /EINPresswire.com/ — Sider, a developer and provider of software development support solutions, launched "Secret Scan", a feature useful for DevSecOps initiatives and security improvements, on July 27. This feature is available in code review SaaS "Sider".
Secret Scan is a feature that automatically scans GitHub Pull Requests for secret information such as API secret keys, RSA private keys, etc. It is automatically scanned with each Pull Request.
It can also be used with the recently launched branch-wide analysis feature to check for the presence of secret information in the current repository source code. If Sider reports that you have committed code that contains secret information, please disable the secret information as soon as possible.
Secret Scan can be used by enabling it from Tools in the repository settings. Since it is very important to detect security issues, this feature will be enabled in all repositories using Sider.
Security and Development Productivity
The term "DevSecOps" has emerged from the realization that security is also a major factor in development productivity. This is in the context of DevOps initiatives that aim to achieve high-quality, continuous software development. Sider, which supports the improvement of development productivity, is also working to go beyond code review automation and achieve DevSecOps as a support function.
In order to continuously attain a high level of quality and security, software developers (and not just those in charge) need to pay attention to security. While Infrastructure as Code (IaC), in which IT infrastructure is coded and controlled for development productivity, is spreading, there are more and more opportunities for accidents in which information that should not be disclosed, such as private keys, are included in repositories.
With the growing pains of manually checking source code that is updated daily, many companies have begun to rely on support services that automate security checks. This in turn has meant using a number of services together to cover a wide range of checks, which have become costly and time-consuming.
However, Secret Scan, which prevents the leakage of credential information, is available to all Sider users at no extra charge*, and can be used as an extension of efforts to improve development productivity by streamlining security measures at no cost or administrative effort.
DevSecOps is gaining attention as a way to balance development productivity and software security, and Sider plans to continue providing DevSecOps features that contribute to improved development productivity. We look forward to working with you.
* On licensing fees
Some of the services that work with GitHub to inspect credential information cost more than 60 USD per user per month for each additional license. Sider offers automatic code review and credential information detection (Secret Scan), which also includes other features to support development productivity, such as automatic vulnerability assessment and code quality evaluation, all for as low as 12 USD per user per month.
Sider Inc. is a product development company in the field of software engineering, which provides Sider, an automated code review service, and Sider Team Insights, a project management assistant tool. Sider is committed to improving the development experience for all engineers by realizing a world where AI and people collaborate in development. For more information, please visit https://siderlabs.com/. Also, register for Sider’s upcoming webinar “What 1,000,000 developer hours taught us about software bugs and its cost”.
Source: EIN Presswire