Sensitive Data Remediation

Bring peace of mind to your team by eliminating sensitive data from your repositories and preventing it from being committed going forward.

Summary

We've seen multiple companies - even technology-first companies - make mistakes that leak sensitive data and secrets into the wild. This engagement will provide audit and cleanup of sensitive information currently in the customer’s Git repositories. Sensitive data can include secrets, passwords, private keys, API tokens, and the like.

Our team will produce prototypes in our lab and tune the secrets detection hands-on using your actual Git data. Beyond detecting sensitive data, we will provide reports on which keys were potentially compromised and rewrite history to eliminate all trace of any sensitive data.

Going forward, we will work with your team to develop the automation of sensitive data checking for all future code commits. Your team will also receive training and documentation of the sensitive data checking implementation to enable them to keep it up to date for any new threats.

Who is this service for?

Security and audit teams looking to build assurance that developers are not committing sensitive data such as passwords and keys to their Git repositories.

What's included?

GitLab offers a variety of training courses depending on your team's needs. In addition, we offer specialized training that can be customized even further.

The general courses we offer include:

  • Audit all current GitLab repositories for sensitive data.
  • Find and rewrite commit history for affected repositories.
  • Build report on the location and source of the sensitive data found.
  • Create reusable GitLab hooks for flagging sensitive data before it can be saved to GitLab.

Interested in GitLab Professional Services? Get in touch.