New GitHub App to Protect your Code from Sensitive Data
Twilio, the provider of web service APIs for automating SMS messaging and calling, recently released a free, open-source DevOps tool whose main goal is to prevent sensitive data from being uploaded to GitHub.
The new tool was created by the Twilio security team and is named Deadshot (yes, like the character from the DC universe). According to the team's observations, an organization's sensitive data (e.g. credentials, secrets, or tokens) often ends up in the code repository without the developers noticing. Such information is a prize for criminal hackers, yet manually tracking an entire organization's codebase is impossible, which is why Deadshot was created.
Deadshot is a Python-based, multi-container Flask-Celery-Redis application. It installs as a GitHub App and runs on every pull request opened against the main branch of a repository where the app is installed. In essence, the app checks each pull request for sensitive information and, if any is detected, warns the developers before the change lands in the repository's main branch.
Deadshot works in real time and does not need to be redeployed each time. When sensitive data is detected, the tool adds a comment to the pull request, creates a Jira ticket, and can also send a notification to Slack.
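To make the mechanism concrete, here is an added example of the kind of check such an app performs on a pull request: it walks a unified diff, scans only the added lines for well-known credential formats and for high-entropy values assigned to suspicious variable names, and renders the findings as a PR comment. This is illustration code written for this article, not Deadshot's source; the rule set, the entropy threshold and the sample diff are all constructed assumptions (the AWS key in the diff is the public placeholder from the AWS documentation, not a live credential).

```python
import math
import re
from collections import Counter
from dataclasses import dataclass

# Hypothetical rule set for this example; Deadshot's own rules are not reproduced here.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "slack_token": re.compile(r"\bxox[abp]-[0-9A-Za-z-]{10,}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"),
    # Assignment of a long value to a secret-looking name; filtered by entropy below.
    "generic_secret": re.compile(
        r"""(?i)(?:password|passwd|secret|api[_-]?key|token)\s*[:=]\s*['"]?([^\s'"]{8,})"""
    ),
}
ENTROPY_THRESHOLD = 3.5  # bits per character; assumed value chosen for this example
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


@dataclass(frozen=True)
class Finding:
    path: str
    line: int   # line number in the new version of the file
    rule: str


def shannon_entropy(s: str) -> float:
    """Bits per character; low values indicate placeholders like 'changeme'."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan_added_line(text: str) -> list:
    """Return the names of the rules that fire on one added line."""
    hits = []
    for name, rx in PATTERNS.items():
        m = rx.search(text)
        if not m:
            continue
        if name == "generic_secret" and shannon_entropy(m.group(1)) < ENTROPY_THRESHOLD:
            continue  # low-entropy value: almost certainly a placeholder, not a secret
        hits.append(name)
    return hits


def scan_diff(diff_text: str) -> list:
    """Scan only the '+' lines of a unified diff and report findings with file and line."""
    findings, path, new_line = [], None, None
    for raw in diff_text.splitlines():
        if raw.startswith("diff ") or raw.startswith("--- "):
            new_line = None                       # file header: no hunk yet
        elif raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")     # target path of the next hunks
            new_line = None
        elif raw.startswith("@@"):
            m = HUNK_RE.match(raw)
            if m:
                new_line = int(m.group(1))        # first line number of the new side
        elif new_line is None:
            continue                              # metadata such as 'new file mode'
        elif raw.startswith("+"):
            for rule in scan_added_line(raw[1:]):
                findings.append(Finding(path, new_line, rule))
            new_line += 1
        elif raw.startswith("-"):
            continue                              # removed lines do not advance the new side
        else:
            new_line += 1                         # context line
    return findings


def format_pr_comment(findings: list) -> str:
    """Markdown body a bot would post on the PR. The matched value itself is deliberately
    not echoed, so the comment does not re-leak the secret."""
    if not findings:
        return ""
    lines = ["Possible sensitive data found in this pull request:", ""]
    lines += [f"- `{f.path}` line {f.line}: rule `{f.rule}`" for f in findings]
    lines += ["", "Remove the value, rotate it if it is real, and load it from a secret store instead."]
    return "\n".join(lines)


# Constructed sample pull-request diff (not from any real repository).
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -1,3 +1,6 @@
 import os
-AWS_ACCESS_KEY_ID = os.environ["AWS_ACCESS_KEY_ID"]
+# TODO remove before merge
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+DB_PASSWORD = "Xq7!vR2m#pL9sT4w"
+DEFAULT_PASSWORD = "changeme"
 DEBUG = False
diff --git a/deploy/id_rsa b/deploy/id_rsa
new file mode 100644
--- /dev/null
+++ b/deploy/id_rsa
@@ -0,0 +1,3 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+(key material omitted in this constructed example)
+-----END OPENSSH PRIVATE KEY-----
"""

if __name__ == "__main__":
    print(format_pr_comment(scan_diff(SAMPLE_DIFF)))
```

Running the block reports the hard-coded AWS key, the high-entropy database password and the committed private key, while the `changeme` placeholder is filtered out by the entropy check and the removed `os.environ` line is never scanned. In a real deployment the same scan result would drive the PR comment, the Jira ticket and the Slack message the article mentions, and any value that fires should be treated as compromised and rotated rather than merely deleted from the diff.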
Dominik Kundel, staff developer advocate at Twilio, tweeted that the Twilio team has been using the app successfully and that it is "awesome".
Incidentally, Notify.Events lets you easily set up notifications to Twilio and Slack. These and 40+ other instant messengers and communication tools can be added as recipients. Find out how to create your own thematic channel and start receiving notifications in a convenient way today.