Git Credentials and Configuration Security Checker: A Unified Platform for First-Mile Software Supply Chain Security
  • Author(s): Florina Sharma; Shruti Jindal
  • Paper ID: 1718980
  • Page: 940-948
  • Published Date: 31-01-2025
  • Published In: Iconic Research And Engineering Journals
  • Publisher: IRE Journals
  • e-ISSN: 2456-8880
  • Volume/Issue: Volume 8 Issue 7 January-2025
Abstract

The use of Distributed Version Control Systems (VCS), especially Git, has greatly increased the vulnerability of current software development. Although Git enables smooth teamwork, it frequently leads to accidental exposure of confidential credentials such as API keys, authentication tokens, and encryption secrets. Moreover, because local Git setups are often complicated, authentication failures and insecure protocol use (e.g., HTTP instead of SSH) are common, introducing critical vulnerabilities at the first mile of the development workflow. This paper presents the design, implementation, and comprehensive evaluation of the Git Credentials and Configuration Security Checker, a single security platform that works both reactively, in troubleshooting, and proactively, in secret scanning. We use a dual-engine architecture: (1) a Configuration Analyzer that diagnoses authentication failures and enforces safe protocols, and (2) a Vulnerability Scanner that detects hardcoded secrets prior to commit execution and on rescanning. On a dataset of misconfigured systems and injected secrets, experimental analysis shows that the time-to-diagnosis of authentication errors is reduced by 90 percent and detection rates reach 100 percent on high-entropy secrets (AWS keys, RSA private keys, database credentials). The system also integrates with GitHub Actions for smooth CI/CD pipeline adoption, providing continuous security feedback. Performance benchmarks indicate a 90-2250x speedup relative to manual analysis and an arguably manageable false positive rate of 3.2
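The two engines described in the abstract, as an added illustration that is not the paper's own code: a pre-commit scanner that walks a unified diff and flags added lines matching the secret classes the abstract names (AWS access key IDs, RSA private key headers, database URLs carrying a password) or carrying a high-entropy token, plus a configuration check that flags remotes using plaintext protocols. The regexes, the entropy threshold of 4.0 bits, the 20-character token length, the sample diff and the sample `.gitconfig` are all constructed assumptions for this example; the AWS-style values in the sample are the documented placeholder keys, not live credentials.

```python
"""Hypothetical first-mile checker: secret scan of a diff + remote protocol audit."""
import math
import re
from collections import Counter
from dataclasses import dataclass

# Secret classes named in the abstract (regexes are constructed for this example).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "rsa_private_key": re.compile(r"-----BEGIN (?:RSA )?PRIVATE KEY-----"),
    "database_url_with_password": re.compile(
        r"\b(?:postgres|postgresql|mysql|mongodb)://[^:\s/]+:[^@\s/]+@"),
}
ENTROPY_THRESHOLD = 4.0          # bits per character (assumed threshold)
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_\-]{20,}")  # candidate opaque strings
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")
INSECURE_SCHEMES = ("http://", "git://")


@dataclass
class Finding:
    path: str
    line_no: int      # line number in the post-commit file
    kind: str
    snippet: str      # redacted: never echo the full secret into logs


def shannon_entropy(s: str) -> float:
    """Shannon entropy in bits per character."""
    if not s:
        return 0.0
    counts, n = Counter(s), len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(token: str) -> str:
    return token[:4] + "..." + f"({len(token)} chars)"


def scan_added_lines(diff_text: str) -> list:
    """Scan only '+' lines of a unified diff; track file and new-file line numbers."""
    findings, path, new_line = [], "?", 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")
            continue
        m = HUNK_RE.match(raw)
        if m:
            new_line = int(m.group(1))
            continue
        if raw.startswith("-") or raw.startswith("diff ") or not raw:
            continue                      # removed lines never land in the commit
        if raw.startswith(" "):
            new_line += 1
            continue
        if raw.startswith("+"):
            line = raw[1:]
            matched = False
            for kind, pat in PATTERNS.items():
                hit = pat.search(line)
                if hit:
                    findings.append(Finding(path, new_line, kind, redact(hit.group(0))))
                    matched = True
            if not matched:               # fall back to entropy for unknown formats
                for tok in TOKEN_RE.findall(line):
                    if shannon_entropy(tok) >= ENTROPY_THRESHOLD:
                        findings.append(Finding(path, new_line, "high_entropy_string", redact(tok)))
            new_line += 1
    return findings


def check_remote_protocols(gitconfig_text: str) -> list:
    """Configuration Analyzer piece: flag remotes whose URL uses a plaintext scheme."""
    findings, remote = [], None
    for raw in gitconfig_text.splitlines():
        line = raw.strip()
        sec = re.match(r'\[remote "([^"]+)"\]', line)
        if sec:
            remote = sec.group(1)
            continue
        if line.startswith("["):
            remote = None
            continue
        if remote and line.lower().startswith("url"):
            url = line.partition("=")[2].strip()
            if url.lower().startswith(INSECURE_SCHEMES):
                findings.append({"remote": remote, "url": url,
                                 "suggested": "https://" + url.split("://", 1)[1]})
    return findings


# Constructed sample input: a staged diff that introduces three secrets and a key file.
SAMPLE_DIFF = """\
diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,3 +1,6 @@
 import os
-DEBUG = False
+DEBUG = True
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
+DATABASE_URL = "postgres://app:s3cr3tpassw0rd@db.example.internal:5432/app"
 API_TIMEOUT = 30
diff --git a/deploy_key b/deploy_key
new file mode 100644
--- /dev/null
+++ b/deploy_key
@@ -0,0 +1,2 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA...
"""

# Constructed sample .gitconfig with one plaintext remote and one SSH remote.
SAMPLE_GITCONFIG = """\
[remote "origin"]
\turl = http://git.example.internal/team/repo.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
[remote "backup"]
\turl = git@git.example.internal:team/repo.git
"""

if __name__ == "__main__":
    for f in scan_added_lines(SAMPLE_DIFF):
        print(f"{f.path}:{f.line_no}: {f.kind} {f.snippet}")
    for r in check_remote_protocols(SAMPLE_GITCONFIG):
        print(f'remote "{r["remote"]}" uses {r["url"]} -> consider {r["suggested"]}')
```

Wired into a pre-commit hook, `scan_added_lines` would be fed `git diff --cached`; a non-empty result blocks the commit, which is the "first-mile" point the abstract makes. The entropy fallback is what catches the secret access key, whose format has no distinctive prefix, while the regexes carry the low-false-positive classes; snippets are redacted so the checker's own output does not become a second leak.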

Keywords

Software Supply Chain Security, Secret Detection, Git Configuration Auditing, Credential Leakage Prevention, First-Mile Security, DevSecOps, CI/CD Security, Static Analysis

Citations

IRE Journals:
Florina Sharma, Shruti Jindal "Git Credentials and Configuration Security Checker: A Unified Platform for First-Mile Software Supply Chain Security" Iconic Research And Engineering Journals Volume 8 Issue 7 2025 Page 940-948 https://doi.org/10.64388/IREV8I7-1718980

IEEE:
Florina Sharma, Shruti Jindal "Git Credentials and Configuration Security Checker: A Unified Platform for First-Mile Software Supply Chain Security" Iconic Research And Engineering Journals, 8(7) https://doi.org/10.64388/IREV8I7-1718980