GitHub¤Ï10·î4Æü(Êƹñ»þ´Ö)¡¢¡ÖIntroducing secret scanning validity checks for major cloud services - The GitHub Blog¡×¤Ë¤ª¤¤¤Æ¡¢¥·¡¼¥¯¥ì¥Ã¥È¥¹¥­¥ã¥óµ¡Ç½¤ò³ÈÄ¥¤·¡¢Amazon Web Services(AWS)¡¢Microsoft¡¢Google¡¢Slack¤Î°ìÉô¥È¡¼¥¯¥ó¤ËÂФ¹¤ëÍ­¸úÀ­¥Á¥§¥Ã¥¯¤ò²Äǽ¤Ë¤·¤¿¤Èȯɽ¤·¤¿¡£

Introducing secret scanning validity checks for major cloud services - The GitHub Blog

GitHub¤Î¥·¡¼¥¯¥ì¥Ã¥È¥¹¥­¥ã¥ó¤Ï¸í¤Ã¤Æ¥ê¥Ý¥¸¥È¥ê¤Ë¥³¥ß¥Ã¥È¤µ¤ì¤¿³Æ¼ï¥µ¡¼¥Ó¥¹¤Îǧ¾Ú¾ðÊó¤ò¸¡½Ð¤·¤ÆÄÌÊ󤹤뵡ǽ¡£Ç§¾Ú¾ðÊ󤬸¡½Ð¤µ¤ì¤¿¾ì¹ç¤Ï¤½¤Î¥Õ¥©¡¼¥Þ¥Ã¥È¤«¤é¥µ¡¼¥Ó¥¹¥×¥í¥Ð¥¤¥À¤òÆÃÄꤷ¤ÆÄÌÊ󤹤ë»ÅÁȤߤǡ¢¤³¤ì¤Ë¤è¤êǧ¾Ú¾ðÊó¤Î°­ÍѤ¬ËɻߤǤ­¤ë¡£¥·¡¼¥¯¥ì¥Ã¥È¥¹¥­¥ã¥ó¤Ï¡ÖSecret scanning partner program - GitHub Docs¡×¤Ë¤Æ¾Ü¤·¤¯²òÀ⤵¤ì¤Æ¤¤¤ë¡£

¥·¡¼¥¯¥ì¥Ã¥È¥¹¥­¥ã¥ó¤Î»ÅÁȤߡ¡°úÍÑ¡§GitHub

GitHub¤Ë¤è¤ë¤È¡¢´ë¶È¤ª¤è¤ÓÁÈ¿¥¤Î½êÍ­¼Ô¤È¥Ý¥¸¥È¥ê¤Î´ÉÍý¼Ô¤Ï¡¢GitHubÀßÄê¤Î¡ÖCode security and analysis¡×¤«¤é¥·¡¼¥¯¥ì¥Ã¥È¥¹¥­¥ã¥ó¤òÍ­¸ú¤Ë¤Ç¤­¤ë¤È¤¤¤¦¡£¤Þ¤¿¡¢¡ÖSecret scanning¡×¤Î¡ÖAutomatically verify if a secret is valid by sending it to the relevant partner¡×¤Ë¥Á¥§¥Ã¥¯¤òÆþ¤ì¤ë¤³¤È¤ÇGitHub°Ê³°¤Î¥È¡¼¥¯¥ó¤ÎÍ­¸úÀ­¥Á¥§¥Ã¥¯¤òµ¡Ç½¤µ¤»¤ë¤³¤È¤¬²Äǽ¡£

¥·¡¼¥¯¥ì¥Ã¥È¥¹¥­¥ã¥ó¤ÎÀßÄê¡¡°úÍÑ¡§GitHub

GitHub¤Ï¤¹¤Ù¤Æ¤Îǧ¾Ú¾ðÊó¤Îϳ¤¨¤¤¤òÇÓ½ü¤¹¤ë¤¿¤á¤Ë¥·¡¼¥¯¥ì¥Ã¥È¥¹¥­¥ã¥ó¤ò³«»Ï¡¢º£¸å¤â¤è¤ê¿¤¯¤Î¥È¡¼¥¯¥ó¤ËÂФ¹¤ë¸¡¾Ú¥µ¥Ý¡¼¥È¤ò·Ñ³Ū¤Ë³ÈÂ礷¤Æ¤¤¤¯¤È¤·¤Æ¤¤¤ë(»²¹Í¡§¡ÖSecret scanning patterns - GitHub Enterprise Cloud Docs¡×)¡£GitHub¤ÎÍøÍѼԤÏɬÍפ˱þ¤¸¤Æ¥·¡¼¥¯¥ì¥Ã¥È¥¹¥­¥ã¥ó¤òÍ­¸ú²½¤·¡¢Ç§¾Ú¾ðÊó¤Îϳ¤¨¤¤¸¡½Ð¤È°­ÍÑËɻߤËÌòΩ¤Æ¤ë¤³¤È¤¬Ë¾¤Þ¤ì¤Æ¤¤¤ë¡£