GitKraken Blog

Releasing the Power of Git

How the Nissan Source Code Leak Could Have Been Avoided

And you thought you were having a bad day… did you see what happened to the developers over at Nissan?

The source code (Git repos) for Nissan’s mobile apps and internal tools was leaked to the Internet because the link was publicly accessible and the password easy to guess. 😬 Yikes. 

Hosting Code on Bitbucket 

Bitbucket Server is commonly configured for offline use. Ideally, you’d configure your Bitbucket Server so that only a targeted set of end-users could browse to the instance, and authenticate to their Git repositories over HTTPS or SSH.

See how the GitKraken Git GUI provides secure connections to remote Git repositories over HTTPS or SSH. Learn more about GitKraken authentication.

How did the Nissan code leak happen?

Nissan reports that it is conducting an investigation into the source code leak, which will hopefully uncover how such a simple error could have been avoided. While they dig, the rest of us can enjoy 2 easy takeaways from this episode:

Security Tips for Your Git Repository

By nature, Git carries some security risks: access is controlled at the server, and developers can rewrite history. However, instituting collaborative procedures and using tools, like a Git client, that help you connect securely to your remote data will help you avoid these simple mistakes.

Understand Your Git Repo’s Permission Settings 

Don’t make your self-hosted Bitbucket instance publicly accessible (unless that’s your intent).

Set a Password 

Don’t use default passwords. 

This should go for any password you’re setting online these days, but especially for professional accounts. 

Consider using a tool, like LastPass, that can set secure passwords and manage your account logins. You can even share passwords for collaborative team accounts.

Using Bitbucket with GitKraken

GitKraken could have made the Nissan team’s authentication easy and secure with personal access tokens.  

When setting up the GitKraken integration with a Bitbucket Server, we prompt the user to confirm the URL and provide a personal access token. 

GitKraken will direct you to log in with your Bitbucket Server credentials to create the access token and choose the permissions assigned to it. This is another area where you can enhance your Git repo’s security.

We also give users the ability to generate SSH keys for Bitbucket Server.

Secure Your Git Repos with GitKraken

The GitKraken Git GUI provides multiple options for securely connecting to your remote Git repositories, as well as permissions settings to meet the needs of growing development teams.
