In large organisations that host their code with a public cloud service, it is unfortunately not uncommon for something to be made public that should have stayed private. Whether that is down to negligence or ignorance, such a leak can have dramatic consequences.
Using a tool like https://github.com/awslabs/git-secrets to stop credentials from being committed alongside code is a very good idea, but it is only half of the story: it does nothing about the application logic itself. Proprietary code tells a potential attacker a great deal about how your systems are built, and a repository can be flipped from private to public without a single secret in it.
If the code lives on GitHub, one simple approach to catching such leaks is to monitor the list of public repositories under the organisation's account and alert on any change.
Luckily, GitHub makes this easy through its API. An unauthenticated request sees exactly what an outsider sees, i.e. only the public repositories. To list the public repositories under the Releaseworks organisation:
$ curl -s https://api.github.com/orgs/releaseworks/repos
Note that the response is paginated (30 repositories per page by default). For organisations with more repositories than that, add ?per_page=100 to the URL and follow the rel="next" URL in the Link response header until there is none; otherwise a newly public repository on a later page is never seen.
A ready-made script that monitors the list of public repositories and sends an e-mail on any change can be found at https://github.com/mjuuso/github-public-repo-watcher
Set the script to run periodically (from a crontab), and enjoy knowing that should something be made public by accident, at least you will hear about it quickly. Bear in mind that this is a detective control, not a preventive one: by the time the alert arrives the repository may already have been cloned or indexed, so treat its contents as exposed, make it private again, and rotate any credentials it contained.
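What such a watcher does, written out as an added example for this post (it is not the github-public-repo-watcher script linked above, which you should read for its e-mail handling). It assumes the organisation name is passed as the first command-line argument, that the previous snapshot is kept in a public-repos.json file next to the script, that an optional GITHUB_TOKEN environment variable may be set, and that changes are reported on stdout so that cron's MAILTO or your own mailer turns them into a message. SAMPLE_PAGE is a constructed, trimmed-down page of the API response used only for illustration.

```python
#!/usr/bin/env python3
"""Poll an organisation's public GitHub repositories and report changes.

Added example for this post, not the github-public-repo-watcher script.
Assumptions: org name is argv[1], the previous snapshot lives in
public-repos.json beside this file, GITHUB_TOKEN is optional, and changes
are printed to stdout for cron (MAILTO) or a mailer to deliver.
"""
import json
import os
import sys
import urllib.request
from urllib.parse import urlencode

API = "https://api.github.com"
STATE_FILE = os.path.join(os.path.dirname(os.path.abspath(__file__)), "public-repos.json")

# Constructed sample of one page of the /orgs/{org}/repos response, trimmed to
# the fields used here; the real response carries many more fields per repo.
SAMPLE_PAGE = [
    {"full_name": "example-org/tool-a", "private": False},
    {"full_name": "example-org/tool-b", "private": False},
]


def next_link(link_header):
    """Return the rel="next" URL from a GitHub Link header, or None on the last page."""
    for part in link_header.split(","):
        url, _, params = part.partition(";")
        if 'rel="next"' in params:
            return url.strip().strip("<>")
    return None


def repo_names(page):
    """Collect the full_name values from one page of results."""
    return {repo["full_name"] for repo in page}


def fetch_public_repos(org, token=None):
    """Return the set of full_name values of every public repository under org.

    An unauthenticated call only ever sees public repositories, which is exactly
    the outsider's view. type=public keeps that true even when a token with
    access to the org is supplied (the default type=all would then include
    private repos), and per_page=100 plus Link-header paging avoids silently
    stopping after the default page of 30.
    """
    url = f"{API}/orgs/{org}/repos?" + urlencode({"type": "public", "per_page": 100})
    names = set()
    while url:
        req = urllib.request.Request(url, headers={
            "Accept": "application/vnd.github+json",
            "User-Agent": "public-repo-watcher",
        })
        if token:
            req.add_header("Authorization", f"Bearer {token}")
        with urllib.request.urlopen(req) as resp:
            names |= repo_names(json.load(resp))
            url = next_link(resp.headers.get("Link", ""))
    return names


def diff_repos(previous, current):
    """Return (newly_public, no_longer_public), each as a sorted list."""
    return sorted(current - previous), sorted(previous - current)


def load_state(path):
    """Previous snapshot, or None on the first run so nothing is reported as new."""
    if not os.path.exists(path):
        return None
    with open(path) as f:
        return set(json.load(f))


def save_state(path, names):
    with open(path, "w") as f:
        json.dump(sorted(names), f, indent=2)


def main(argv):
    if len(argv) != 2:
        print(f"usage: {argv[0]} ORG", file=sys.stderr)
        return 2
    org = argv[1]
    current = fetch_public_repos(org, token=os.environ.get("GITHUB_TOKEN"))
    previous = load_state(STATE_FILE)
    if previous is None:
        print(f"initial snapshot: {len(current)} public repositories under {org}")
    else:
        added, removed = diff_repos(previous, current)
        for name in added:
            print(f"NEW PUBLIC REPOSITORY: https://github.com/{name}")
        for name in removed:
            print(f"no longer public: {name}")
    save_state(STATE_FILE, current)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The first run only records a baseline; every later run reports the difference against it. Leaving GITHUB_TOKEN unset is the safest choice because the watcher then sees precisely what an anonymous visitor sees; set it only if the unauthenticated rate limit (60 requests per hour per IP) becomes a problem for a very large organisation polled frequently.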
Releaseworks Academy has a free online training course on Docker & Jenkins best practices: https://www.releaseworksacademy.com/courses/best-practices-docker-jenkins