[Music]

GitHub Advanced Security is having a transformative impact on how quickly we can deliver software to our customers. Our customers can be highly regulated. They might be dealing with incredibly sensitive personal data. They want to make sure that their data is kept safe.

Developers may store our username, password or API keys in plain text in our source code. What the tool does in terms of secret scanning is bring front of mind to our engineers that that's not safe to do, and it prompts them to safely handle, like, username, password, secrets instead of storing them in the source code.

In terms of security scanning, we want to catch that at the commit or at the pull request level.

One of the main feedbacks that we collected from developers, it was that security was outside of the software development, uh, cycle. You're creating your new feature, and maybe the security feedback is coming when that product is going to be released, which can easily take weeks or even months. We were looking for alternatives that could introduce security feedback as part of your day-to-day. So with Advanced Security we had a way not only to identify the secrets as part of the process but even to, uh, prevent the secret from getting into your repository history.

There's a tab directly in your repo that shows you all of your vulnerabilities. They're front and center; you can't ignore them. Uh, that's been really helpful for encouraging our developers to take control over their own application security, and it's empowered them too, because there's often suggestions on how to improve security in each of the vulnerability reports.

We tried to meet the developers where they are in their development process. The code we write: is it secure? Is it safe? Does it contain any secrets? So when a developer is looking to push that code in for the first time, we want secret detection to happen right there in that moment.

GitHub helped developers with visibility and transparency into the security health of their code base.

The minute a secret makes it onto Git, you essentially need to consider it to have been compromised.

Enabling push protection across all of our repositories means that we don't have to work as much.

[Music]