Join us

How I Scanned all of GitHub’s “Oops Commits” for Leaked Secrets

Truffle Security dropped a sharp new open-source tool that digs through GitHub’s public commit history looking for zero-commit force pushes—a tactic devs use to erase mistakes, usually secrets. Problem is, they don’t go quietly.

By tapping into historical GitHub PushEvents via GH Archive, the tool hunts down dangling commits—the ghosts of deleted secrets that still linger. Stuff most scanners miss.

Heads-up: Force-pushing doesn’t scrub secrets anymore. Assume every leaked key is burned.


Let's keep in touch!

Stay updated with my latest posts and news. I share insights, updates, and exclusive content.

By subscribing, you share your email with @faun and accept our Terms & Privacy. Unsubscribe anytime.

Give a Pawfive to this post!


Only registered users can post comments. Please, login or signup.

Start blogging about your favorite technologies, reach more readers and earn rewards!

Join other developers and claim your FAUN.dev account now!

Avatar

The FAUN

@faun
A worldwide community of developers and DevOps enthusiasts!
Developer Influence
3k

Influence

302k

Total Hits

1

Posts