And you thought you were having a bad day… Did you see what happened to the developers over at Nissan?
The source code (Git repos) for Nissan’s mobile apps and internal tools was leaked to the Internet because the link was publicly accessible and the password was easy to guess. 😬 Yikes.
Hosting Code on Bitbucket
Bitbucket Server is commonly configured for offline use. Ideally, you’d configure your Bitbucket Server so that only a targeted set of end-users could browse to the instance, and authenticate to their Git repositories over HTTPS or SSH.
See how the GitKraken Git GUI provides secure connections to remote Git repositories over HTTPS or SSH. Learn more about GitKraken authentication.
How did the Nissan code leak happen?
Nissan reports that it is conducting an investigation into the source code leak, which will hopefully uncover how such a simple error could have been avoided. While they dig, the rest of us can enjoy 2 easy takeaways from this episode:
Security Tips for Your Git Repository
By nature, there are some security vulnerabilities associated with Git, because it is controlled through server access and developers can rewrite history. However, instituting collaborative procedures and using tools, such as a Git client, that help you connect securely to your remote data will help you easily avoid these simple mistakes.
Understand Your Git Repo’s Permission Settings
Don’t make your self-hosted Bitbucket instance publicly accessible (unless that’s your intent).
Set a Password
Don’t use default passwords.
This should go for any password you’re setting online these days, but especially for professional accounts.
Consider using a tool, like LastPass, that can set secure passwords and manage your account logins. You can even share passwords for collaborative team accounts.
Using Bitbucket with GitKraken
GitKraken could have made the Nissan team’s authentication easy and secure with personal access tokens.
When setting up the GitKraken integration with a Bitbucket Server, we prompt the user to confirm the URL and provide a personal access token.
GitKraken will direct you to log in with your Bitbucket Server credentials to create the access token, including the permissions you can assign to the token. This is another area where you can enhance your Git repo’s security.
We also give users the ability to generate SSH keys for Bitbucket Server.
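To check that the clones on a developer machine actually connect over HTTPS or SSH, and that no password or token has been pasted into a remote URL, here is a small audit script. It is an added example, not GitKraken or Bitbucket code; the function names and the example.com URLs are constructed for illustration.

```python
import re
import subprocess
from urllib.parse import urlsplit

# scp-like SSH syntax, e.g. git@bitbucket.example.com:app/mobile.git
SCP_LIKE = re.compile(r"^(?:[^@/\s]+@)?[^:/\s]+:(?!//)\S+$")


def audit_remote_url(url):
    """Return a list of findings for one Git remote URL (empty list = OK)."""
    if SCP_LIKE.match(url):
        return []  # SSH transport, authenticated with a key
    parts = urlsplit(url)
    findings = []
    if parts.scheme in ("http", "git"):
        findings.append(f"{parts.scheme}:// is unencrypted; use https:// or ssh://")
    elif parts.scheme not in ("https", "ssh"):
        findings.append(f"unexpected transport {parts.scheme!r}")
    if parts.scheme in ("http", "https") and parts.password:
        # Anything after "user:" in the URL is written to .git/config as-is.
        findings.append("secret embedded in URL; it sits in clear text in .git/config")
    return findings


def audit_repo(path="."):
    """Audit every remote of the repository at `path`; returns {config key: findings}."""
    out = subprocess.run(
        ["git", "-C", path, "config", "--get-regexp", r"^remote\..*\.url$"],
        capture_output=True, text=True, check=False,
    ).stdout
    report = {}
    for line in out.splitlines():
        key, _, url = line.partition(" ")
        report[key] = audit_remote_url(url)
    return report


if __name__ == "__main__":
    # Constructed sample URLs; swap in audit_repo("/path/to/clone") for a real check.
    samples = [
        "git@bitbucket.example.com:app/mobile.git",
        "https://bitbucket.example.com/scm/app/mobile.git",
        "http://alice:hunter2@bitbucket.example.com:7990/scm/app/mobile.git",
    ]
    for number, url in enumerate(samples, 1):
        # Report by index, not by URL, so a secret is never echoed to the terminal.
        print(number, audit_remote_url(url) or "OK")
```

A remote that is flagged for an embedded secret should have the secret rotated as well as removed from the URL, since it has already been stored on disk.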
Secure Your Git Repos with GitKraken
The GitKraken Git GUI provides multiple options for securely connecting to your remote Git repositories, as well as permissions settings to meet the needs of growing development teams.