The Open Source Way

Credential Digger – detecting leaked secrets on GitHub



Credential Digger is an SAP open-source code scanner for detecting hardcoded secrets. In this episode, Slim Trabelsi talks with host Karsten Hohage about what led to the creation of Credential Digger and about its key differentiators. Slim also speaks about the early challenges of scanning for secrets and lists the many advantages of using open source for building and maintaining Credential Digger. Open source comes with visibility for customers, and contributors can work on a project even before they join the team or after they leave, leading to improved continuity and a better tool overall.

Guests:

Slim Trabelsi joined SAP 15 years ago and currently works as a senior security expert in the SAP Security Research team. His background includes data privacy, data protection, and social media security. He is currently focusing his research activities on cyber security, threat intelligence, and surveillance. Slim recently developed an open-source tool called Credential Digger, which is used to identify hardcoded secrets in source code repositories like GitHub.  

  • Twitter: https://twitter.com/slim_security
  • LinkedIn: https://www.linkedin.com/in/slim-trabelsi-94534a83/
  • GitHub: https://github.com/SlimTrabelsi
  • SAP People: https://people.sap.com/slim.trabelsi  
Show Notes:

  • Links
    • https://github.com/SAP/credential-digger
    • https://github.com/SAP/vs-code-extension-for-project-credential-digger
    • Credential Digger: Using Machine Learning to Identify Hardcoded Credentials in Github – blog post
    • SAP Security Research
    • https://huggingface.co/SAPOSS/password-model
    • NIST – Source Code Security Analyzers
    • SAP Open Source Program Office
    • SAP Open Source at SAP Community
    • SAP Open Source Twitter
  • Additional Downloads:
    • Download transcript as PDF file

Hosted by Karsten Hohage – Product Expert in Technology and Innovation (T&I)

  • LinkedIn: https://www.linkedin.com/in/karsten-hohage-0180312/

The post Credential Digger – detecting leaked secrets on GitHub first appeared on The Open Source Way.

The Open Source Way, by SAP SE
