GitHub Tackles Leaked Python Tokens in Partnership With PyPI



GitHub has partnered with the Python Package Index (PyPI), a third-party software repository for the Python programming language, to provide a new service aimed at protecting against leaked PyPI API tokens. The initiative starts immediately, with GitHub scanning for exposed tokens.

GitHub announced that starting on March 22, 2021, it would begin scanning all commits to public repositories for exposed PyPI API tokens. Once tokens are discovered, they will be forwarded to PyPI for automatic disablement. Token owners will then be notified of the action.

This new process, which GitHub notes takes a matter of seconds from end to end, secures one of 35 tokens that the company has scanned for to date. GitHub's overall secret scanning initiative began back in 2018.
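A local pre-push check in the spirit of the commit scanning described above, as an added example that is not GitHub's or PyPI's code. The `pypi-` prefix and macaroon header bytes reflect PyPI's token format; the 50-character minimum, the function names and the sample diff are assumptions constructed for illustration.

```python
import base64
import hashlib
import re

# Candidate shape: "pypi-" plus a long base64url body. The 50-character
# minimum is an assumption made here to skip short look-alike strings.
CANDIDATE = re.compile(r"pypi-([A-Za-z0-9_-]{50,})")
# The body is a serialized macaroon; its decoded leading bytes name the index.
ISSUERS = {b"\x02\x01\x08pypi.org": "pypi.org",
           b"\x02\x01\x0dtest.pypi.org": "test.pypi.org"}


def classify(body):
    """Return the issuing index for a token body, or None if it is not one."""
    try:
        head = base64.urlsafe_b64decode(body[:24])  # 24 chars -> 18 bytes
    except ValueError:
        return None
    return next((name for p, name in ISSUERS.items() if head.startswith(p)), None)


def scan_diff(diff_text):
    """Scan added lines of a unified diff; report fingerprints, never tokens."""
    findings, path = [], None
    for line in diff_text.splitlines():
        if line.startswith("+++ "):
            path = line[6:] if line.startswith("+++ b/") else line[4:]
        elif line.startswith("+"):  # only added lines introduce a token here
            for m in CANDIDATE.finditer(line):
                issuer = classify(m.group(1))
                if issuer:
                    digest = hashlib.sha256(m.group(0).encode()).hexdigest()
                    findings.append({"file": path, "issuer": issuer,
                                     "sha256": digest[:16]})
    return findings


# Constructed sample: a fake token (pypi.org header plus filler bytes), never issued.
FAKE = "pypi-" + base64.urlsafe_b64encode(
    b"\x02\x01\x08pypi.org" + bytes(range(48))).decode().rstrip("=")
SAMPLE_DIFF = "\n".join([
    "--- a/.pypirc", "+++ b/.pypirc", "@@ -1,2 +1,3 @@", " [pypi]",
    "-password = placeholder",
    "+password = " + FAKE,
    "+note = pypi-" + "a" * 60,  # right shape, wrong header: ignored
])

if __name__ == "__main__":
    print(scan_diff(SAMPLE_DIFF))
```

Findings carry a truncated SHA-256 of the match rather than the token itself, so the scanner's own output does not become a second copy of the secret.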


