Credential Digger is an SAP Open-Source code scanner for detecting hardcoded secrets. In this episode, Slim Trabelsi discusses with host Karsten Hohage what led to the creation of Credential Digger and about its key differentiators. Slim also speaks of the early challenges of scanning for secrets, and lists the many advantages of using open source for building and maintaining Credential Digger. Open source comes with visibility for customers, and contributors can work on a project even before they join the team or after they leave, leading to improved continuity and a better tool overall.
Guests:
Slim Trabelsi joined SAP 15 years ago and currently works as a senior security expert in the SAP Security Research team. His background includes data privacy, data protection, and social media security. He is currently focusing his research activities on cyber security, threat intelligence, and surveillance. Slim recently developed an open-source tool called Credential Digger, which is used to identify hardcoded secrets in source code repositories like GitHub.
- Twitter: https://twitter.com/slim_security
- LinkedIn: https://www.linkedin.com/in/slim-trabelsi-94534a83/
- GitHub: https://github.com/SlimTrabelsi
- SAP People: https://people.sap.com/slim.trabelsi
Show Notes:
- Links
- https://github.com/SAP/credential-digger
- https://github.com/SAP/vs-code-extension-for-project-credential-digger
- Credential Digger: Using Machine Learning to Identify Hardcoded Credentials in Github – blog post
- SAP Security Research
- https://huggingface.co/SAPOSS/password-model
- NIST – Source Code Security Analyzers
- SAP Open Source Program Office
- Additional Downloads:
Hosted by Karsten Hohage – Product Expert in Technology and Innovation (T&I)
LinkedIn: https://www.linkedin.com/in/karsten-hohage-0180312/