OWASP SEDATED®

The SEDATED® Project (Sensitive Enterprise Data Analyzer To Eliminate Disclosure) focuses in on preventing sensitive data such as user credentials and tokens from being pushed to Git. Developers are constantly pushing changes to GitHub and will most likely eventually try pushing a commit that contains sensitive information and we want to help catch and prevent that. The SEDATED® application will run on the Git server and review all incoming code changes. If it identifies sensitive data it will reject the push otherwise it will allow it.

Purpose

With the myriad of code changes required in today’s CICD environment developers are constantly pushing code that could unintentionally contain sensitive information. This potential sensitive data exposure represents a huge risk to organizations (2017 OWASP Top Ten #3 - Sensitive Data Exposure). SEDATED® addresses this issue by automatically reviewing all incoming code changes and providing instant feedback to the developer. If it identifies sensitive data it will prevent the commit(s) from being pushed to the Git server.

What’s New

Version 1.2.0 is now available!

Getting Involved

We are looking for community support with this project as there is a lot more we can do! Feel free to checkout the OWASP/SEDATED® repository and contribute any ideas you may have to make SEDATED® even better!