Security News > 2021 > August > Preventing your Cloud 'Secrets' from Public Exposure: An IDE plugin solution
With the mission of empowering developers to take control of their own code integrity, SonarLint, a free and open source IDE extension from SonarSource, recently announced a new feature that aims to help developers identify and prevent leaks of AWS user or system-level authentication credentials from their local source code or files before they are committed to a repository.
There have been a number of news articles in the past year highlighting incidents where malicious users have stolen API keys embedded in public source code repositories such as GitHub and Bitbucket.
The previous case illustrates how detecting exposed 'secrets' at the relevant point of introduction, e.g. during programming or just before committing your code, could have saved a great deal of trouble.
You then have full flexibility to take action and address the code being flagged, bringing you one step closer to delivering secure code.
To start securing your code base, you can download SonarLint for VS Code or SonarLint for your JetBrains IDEs.
Developers who use other SonarSource solutions (SonarQube or SonarCloud) for delivering quality and secure code can extend their code security experience to their IDE. By installing SonarLint for free, they can not only benefit immediately from powerful features such as secret detection but also improve the overall code quality and security of their code base by sharing rules and analysis settings from SonarQube or SonarCloud to SonarLint, aligning the entire development team on a single definition of code health.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/OhY1t8QoC6g/preventing-your-cloud-secrets-from.html