Shulou(Shulou.com)06/03 Report--

This article focuses on "how PyPl joins the GitHub secret scanning program". Interested friends may wish to take a look. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn "how PyPl joins the GitHub secret scanning program".

Secret scanning Program (Secret scanning program) is a service launched by GitHub. GitHub works with warehouse owners to conduct secret scans of the warehouse to secure secret token formats, which will search for accidentally submitted token formats. This prevents accidental use of erroneous submissions for fraudulent purposes.

Recently, GitHub announced a partnership with Python Package Index (PyPI) to help protect users from PyPI API token disclosure.

According to the announcement, from now on, GitHub will scan every submission of the public warehouse for exposed PyPI API tokens. It will forward any tokens found to PyPI,PyPI and automatically disable them and notify their owners in the process. This end-to-end process takes only a few seconds.

GitHub said PyPI is another integrator to join GitHub's secret scanning program. Since 2018, GitHub has worked with 35 token issuers to help them keep their customers safe. At the same time, GitHub also welcomes more integrators to join their plan to conduct secret scans of public warehouses.

How to join the secret scanning program:

Contact GitHub to start the process

Determine the relevant secrets to scan and create regular expressions to capture them

For secret matches found in public repositories, create a secret alert service to accept web hooks containing secret scan message payloads from GitHub

Implement signature verification in secret alarm service

Implement secret revocation and user notification in secret alarm service

Provide false alarm feedback (optional).

Not only that, GitHub Advanced Security (Advanced Security) customers can now scan their private warehouses to prevent leakage.

At this point, I believe you have a deeper understanding of "how PyPl joins the GitHub secret scanning program". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.