Git Blog

Releasing the Power of Git

How the Nissan Source Code Leak Could Have Been Avoided

And you thought you were having a bad day… Did you see what happened to the developers over at Nissan?

The source code (Git repos) for Nissan’s mobile apps and internal tools was leaked to the Internet because the link was publicly accessible and the password easy to guess. 😬 Yikes. 

Hosting Code on Bitbucket 

Bitbucket Server is commonly configured for offline use. Ideally, you’d configure your Bitbucket Server so that only a targeted set of end-users could browse to the instance, and authenticate to their Git repositories over HTTPS or SSH.

See how the GitKraken Git GUI provides secure connections to remote Git repositories over HTTPS or SSH. Learn more about GitKraken authentication.

How did the Nissan code leak happen?

Nissan reports they’re conducting an investigation into the source code leak, and hopefully they will uncover how such a simple error could have been avoided. While they dig, the rest of us can enjoy 2 easy takeaways from this episode:

Security Tips for Your Git Repository

By nature, Git carries some security risks: access to a repository is controlled at the server, and developers can rewrite history. However, instituting collaborative procedures and using tools, like a Git client, that help you connect securely to your remote data will help you easily avoid these simple mistakes.

Understand Your Git Repo’s Permission Settings 

Don’t make your self-hosted Bitbucket instance publicly accessible (unless that’s your intent).
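One way to confirm this on your own Bitbucket Server is to request the repository list without credentials and see what comes back. The script below is an added example, not code from GitKraken or Atlassian. It assumes the standard paged REST endpoint `/rest/api/1.0/repos`; the function names `classify` and `fetch_anonymous` are hypothetical and the sample responses are constructed.

```python
import json
import urllib.error
import urllib.request

REPOS_PATH = "/rest/api/1.0/repos?limit=100"  # assumed Bitbucket Server paged endpoint

# Constructed sample responses (not captured from any real server).
SAMPLE_EXPOSED = (
    '{"size":1,"isLastPage":true,"values":'
    '[{"slug":"mobile-app","public":true,"project":{"key":"DEMO"}}]}')
SAMPLE_EMPTY = '{"size":0,"isLastPage":true,"values":[]}'


def classify(status, body):
    """Return (verdict, repos) for an unauthenticated response; verdict is closed, exposed or review."""
    if status in (401, 403):
        return "closed", []      # server demanded credentials
    if status != 200:
        return "review", []      # proxy error or similar: check by hand
    try:
        values = json.loads(body).get("values", [])
        repos = sorted(f'{r["project"]["key"]}/{r["slug"]}' for r in values)
    except (ValueError, AttributeError, KeyError, TypeError):
        return "review", []      # 200 but not the paged JSON, e.g. a login page
    return ("exposed" if repos else "closed"), repos


def fetch_anonymous(base_url, timeout=10):
    """GET the repos endpoint with no credentials; return (status, body)."""
    req = urllib.request.Request(base_url.rstrip("/") + REPOS_PATH,
                                 headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:        # base URL of your own instance
        print(classify(*fetch_anonymous(sys.argv[1])))
    else:                        # offline demo on the constructed samples
        for status, body in [(200, SAMPLE_EXPOSED), (200, SAMPLE_EMPTY), (401, "")]:
            print(status, classify(status, body))
```

Run it from a network that should not be able to reach the instance: an `exposed` verdict lists repositories readable with no login, and a connection that fails outright means the instance is not reachable from there at all.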

Set a Password 

Don’t use default passwords. 

This should go for any password you’re setting online these days, but especially for professional accounts. 

Consider using a tool, like LastPass, that can set secure passwords and manage your account logins. You can even share passwords for collaborative team accounts.

Using Bitbucket with GitKraken

GitKraken could have made the Nissan team’s authentication easy and secure with personal access tokens.  

When setting up the GitKraken integration with a Bitbucket Server, we prompt the user to confirm the URL and provide a personal access token. 

GitKraken will direct you to log in with your Bitbucket Server credentials to create the access token, including the permissions you can assign to the token. This is another area where you can enhance your Git repo’s security.

We also give users the ability to generate SSH keys for Bitbucket Server.

Secure Your Git Repos with GitKraken

The GitKraken Git GUI provides multiple options for securely connecting to your remote Git repositories, as well as permissions settings to meet the needs of growing development teams.
