git-security
Safeguard articles tagged "git-security" — guides, analysis, and best practices for software supply chain and application security.
11 articles
Exposed .git Directories and the Git Internals That Leak Your Source
Roughly 4.96 million IPs expose .git metadata today, and over 252,000 leak live credentials in .git/config — a 2018-era bug that never went away.
Argument injection in Git and Mercurial CLI wrappers
A branch name like --upload-pack=/bin/sh isn't a string to Git — it's a flag. CVE-2017-1000117 and CVE-2017-1000116 show why that distinction matters.
Secrets detection to prevent data breaches
GitGuardian found 12.8 million new secrets exposed on public GitHub in 2023, up 28% year over year — and most of them stayed live for days after leaking.
How to set up signed commits with GPG
A step-by-step guide to set up GPG signed commits in Git: generate a key, configure Git, publish it to GitHub, verify signatures, and fix common errors.
How to set up secrets scanning in git repositories
A step-by-step guide to secrets scanning in git repositories using gitleaks and trufflehog, covering pre-commit hooks, CI enforcement, and history audits.
Git Clone RCE via Symlink Race on Case-Insensitive Filesy...
A patched Git flaw let attackers achieve remote code execution during clone via a symlink race on case-insensitive filesystems. Here's what teams need to know.
Git safe.directory Bypass Enabling Code Execution on Mult...
CVE-2022-24765 let local users on shared Windows systems bypass Git's ownership checks and trigger code execution via malicious repo configs. Here's the full breakdown.
Git Local Clone Information Disclosure via Hardlinks (CVE...
CVE-2022-39253 abuses Git's local clone hardlink optimization to leak files from outside a repository. Here's the impact, fix, and how to stay protected.
Git Heap Buffer Overflow via GIT_PUSH_OPTION_COUNT (CVE-2...
CVE-2022-39260 is a heap overflow in Git from an integer overflow in GIT_PUSH_OPTION_COUNT during git push. What changed, and how to remediate it.
The PHP Source Code Git Server Backdoor Compromise of 2021
In 2021, attackers breached PHP's git server and pushed a backdoor under forged commits from top maintainers. Here's how the PHP git server compromise unfolded.
Code Repository Security Hardening
Your source code repository is the starting point of your entire supply chain. Hardening it against unauthorized access, code injection, and configuration tampering is non-negotiable.