User Tools

Site Tools


github_monitoring

Github Monitoring

Introduction

GitHub is a web-based platform that is primarily used for version control and collaboration in software development. It is built on top of the Git version control system and offers a wide range of features to support software development teams.

Using GitHub for an organization can introduce a number of security risks, including:

  • Data leakage: If an organization uses GitHub to store sensitive data, such as source code, login credentials, or customer data, there is a risk that this data may be accidentally leaked through a misconfigured repository or a compromised account.
  • Insider threats: If an organization uses GitHub to collaborate on projects, there is a risk that an employee or contractor may intentionally or accidentally cause a data breach, for example by committing sensitive information to a public repository.
  • Third-party risks: If an organization uses GitHub to collaborate with third-party vendors or open-source contributors, there is a risk that a malicious actor may use this access to gain unauthorized access to an organization's data or systems.
  • Malicious code injection: If an organization uses GitHub to manage their software development, there is a risk that a malicious actor may inject malicious code into the repository, which can then be executed on the organizations systems.
  • Phishing and Social engineering: GitHub is a platform that is widely used for software development and many developers are active on it. Hackers may use phishing and social engineering tactics to gain access to organization's sensitive information.
  • Compromised dependencies: If an organization uses open-source libraries, they may be unknowingly importing a compromised dependency into their codebase.

How can you investigate the results?

Kaduu allows you to capture search terms and check their publication on publicly available Github repositories. If there is a match, we publish the result with the corresponding link. Kaduu connects to Github once per day for each keyword. After you entered the keyword, you should see some results under the "view" button. Please be patient, the search can take up to 2 hours.

The results contain the link (1) to Github and the type of finding (2) which can be code, repository, user, commits, issues, discussions packages or wikis.

github_monitoring.txt · Last modified: 2023/05/22 20:40 (external edit)