That’s something I need, as a networking person playing around with scripts & automation. Am I introducing obvious security risks in my code or when I publish it to GitHub?
At Cisco Live in 2022 or 2023, I attended a session where a service/solution named Panoptica was shown. And I thought, “Hey, that’s neat! I need to show it to someone else, because I’m not a programmer/software developer.”
Earlier this week, a post by @Erika piqued my interest in this again, and with several private and public code repositories I decided that maybe I should give it a try.
It took me less than an hour from watching Erika’s video to go through the initial signup, have Panoptica scan my code, and get basic feedback.

Ok sure, it’s not perfect, no solution is, but there were actionable items on this list.
- “generic-api-key has detected secret […]” (← my bad from earlier days for having a hard-coded secret in my code)
- “NOTE: This secret was deleted from your repository, but it’s still visible in the history.”
Thankfully, nothing serious had been publicly exposed, and I could remediate the security issues in my private repositories.
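The two findings above can be reproduced in miniature. This is an added example, not part of the original post and not Panoptica's code: it walks `git log -p --reverse` output and reports which commit introduced a key and which one deleted it. The regex, the function names and the sample log are assumptions constructed for illustration.

```python
import re

# Illustrative stand-in for a "generic API key" rule (assumption: not Panoptica's
# real rule): a key-like variable name assigned a quoted token of 16+ characters.
KEY_RE = re.compile(
    r"""(?i)\b(?:api[_-]?key|secret|token|password)\b\s*[:=]\s*["']([\w-]{16,})["']"""
)

# Constructed, trimmed `git log -p --reverse` output (oldest commit first).
SAMPLE_LOG = '''\
commit a1a1a1a
    Add inventory script
--- /dev/null
+++ b/inventory.py
@@ -0,0 +1 @@
+API_KEY = "EXAMPLEKEY0123456789abcd"
commit b2b2b2b
    Read API key from environment, add notifier
--- a/inventory.py
+++ b/inventory.py
@@ -1 +1 @@
-API_KEY = "EXAMPLEKEY0123456789abcd"
+API_KEY = os.environ["INVENTORY_API_KEY"]
--- /dev/null
+++ b/notify.py
@@ -0,0 +1 @@
+TOKEN = "CONSTRUCTEDtoken_9876543210"
'''

def audit_history(log_text):
    """Map each detected secret to the commit that added it and, if any, removed it."""
    findings, commit, path = {}, None, None
    for line in log_text.splitlines():
        if line.startswith("commit "):
            commit = line.split()[1][:7]
        elif line.startswith("+++ "):
            path = line[6:] if line.startswith("+++ b/") else line[4:]
        elif line.startswith(("+", "-")) and not line.startswith("--- "):
            for secret in KEY_RE.findall(line[1:]):
                if line[0] == "+":  # secret introduced (or re-introduced) here
                    findings[secret] = {"file": path, "added_in": commit, "removed_in": None}
                elif secret in findings:  # deleted from the file, not from history
                    findings[secret]["removed_in"] = commit
    return findings

def history_only(findings):
    """Secrets gone from the current files but still recoverable from history."""
    return sorted(s for s, f in findings.items() if f["removed_in"])
```

A secret returned by `history_only` matches the "deleted from your repository, but still visible in the history" note: anyone who can read the repository can still retrieve it from the earlier commit, so the key itself has to be revoked and replaced.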
Whether you’re a seasoned software developer, or a network engineer writing code to automate your network/tasks, I think having something like Panoptica to notify you about potential security issues should be one of your essential tools.
What do you think?