Safeguard
Tag

git-security

Safeguard articles tagged "git-security" — guides, analysis, and best practices for software supply chain and application security.

11 articles

Application Security

Exposed .git Directories and the Git Internals That Leak Your Source

Roughly 4.96 million IPs expose .git metadata today, and over 252,000 leak live credentials in .git/config — a 2018-era bug that never went away.

Jul 15, 20266 min read
Application Security

Argument injection in Git and Mercurial CLI wrappers

A branch name like --upload-pack=/bin/sh isn't a string to Git — it's a flag. CVE-2017-1000117 and CVE-2017-1000116 show why that distinction matters.

Jul 10, 20266 min read
Best Practices

Secrets detection to prevent data breaches

GitGuardian found 12.8 million new secrets exposed on public GitHub in 2023, up 28% year over year — and most of them stayed live for days after leaking.

Jul 8, 20268 min read
Software Supply Chain Security

How to set up signed commits with GPG

A step-by-step guide to set up GPG signed commits in Git: generate a key, configure Git, publish it to GitHub, verify signatures, and fix common errors.

Feb 17, 20267 min read
Application Security

How to set up secrets scanning in git repositories

A step-by-step guide to secrets scanning in git repositories using gitleaks and trufflehog, covering pre-commit hooks, CI enforcement, and history audits.

Feb 16, 20267 min read
Vulnerability Analysis

Git Clone RCE via Symlink Race on Case-Insensitive Filesy...

A patched Git flaw let attackers achieve remote code execution during clone via a symlink race on case-insensitive filesystems. Here's what teams need to know.

Nov 27, 20258 min read
Vulnerability Analysis

Git safe.directory Bypass Enabling Code Execution on Mult...

CVE-2022-24765 let local users on shared Windows systems bypass Git's ownership checks and trigger code execution via malicious repo configs. Here's the full breakdown.

Nov 27, 20257 min read
Vulnerability Analysis

Git Local Clone Information Disclosure via Hardlinks (CVE...

CVE-2022-39253 abuses Git's local clone hardlink optimization to leak files from outside a repository. Here's the impact, fix, and how to stay protected.

Nov 27, 20258 min read
Vulnerability Analysis

Git Heap Buffer Overflow via GIT_PUSH_OPTION_COUNT (CVE-2...

CVE-2022-39260 is a heap overflow in Git from an integer overflow in GIT_PUSH_OPTION_COUNT during git push. What changed, and how to remediate it.

Nov 27, 20257 min read
Supply Chain Attacks

The PHP Source Code Git Server Backdoor Compromise of 2021

In 2021, attackers breached PHP's git server and pushed a backdoor under forged commits from top maintainers. Here's how the PHP git server compromise unfolded.

Nov 20, 20257 min read
DevSecOps

Code Repository Security Hardening

Your source code repository is the starting point of your entire supply chain. Hardening it against unauthorized access, code injection, and configuration tampering is non-negotiable.

Jul 8, 20246 min read
git-security — Safeguard Blog