SEDATED

Business Justification

Open teja7157 opened this issue 5 years ago • 4 comments

Hi Team, my manager has asked me to draft a document justifying SEDATED in our business.

I provided him this: SEDATED is triggered by a GitHub hook when code is committed to the repository; it checks for sensitive information and rejects the commit if any is found. This protects sensitive information from being viewed by unauthorized users.

But he would like more information. I am not really familiar with SEDATED. Does anyone have a resource or reference to help me out?

teja7157 avatar Jun 21 '19 20:06 teja7157

@teja7157 Thanks for reaching out! I would definitely recommend reading the "Purpose" section of our README (link below). Additionally, you can check out the video below of Dennis and me (authors) giving a presentation on SEDATED at AppSecCali last year. Hope this helps, let us know if we can be of more assistance.

https://github.com/OWASP/SEDATED#purpose

https://www.youtube.com/watch?v=mNjIhCq4Qfw&t=167s

Thanks, Simeon

SimeonCloutier avatar Jun 21 '19 20:06 SimeonCloutier

Thanks for that but need to get this information about SEDATED

communication for the leaders to understand what risks SEDATED is addressing for the enterprise.

teja7157 avatar Jun 24 '19 14:06 teja7157

@teja7157 If the following text from the Purpose section of our README is not what you are looking for, can you be more specific as to what you are looking for? From a security perspective, gaining access to sensitive data (like database credentials, user passwords, etc.) has endless potential and very high risks associated with it.

Purpose

With the myriad of code changes required in today's CICD environment developers are constantly pushing code that could unintentionally contain sensitive information. This potential sensitive data exposure represents a huge risk to organizations (2017 OWASP Top Ten #3 - Sensitive Data Exposure). SEDATED℠ addresses this issue by automatically reviewing all incoming code changes and providing instant feedback to the developer. If it identifies sensitive data it will prevent the commit(s) from being pushed to the Git server.

SimeonCloutier avatar Jun 24 '19 15:06 SimeonCloutier
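
As an added illustration of the behaviour described in the Purpose text above (this is not SEDATED's own code or rule set, and not part of the original thread): a Git pre-receive hook that scans the added lines of every pushed commit and rejects the push on a match. The function names and the regex patterns are assumptions chosen for the example.

```shell
#!/bin/sh
# Added example of a server-side pre-receive check; NOT SEDATED's code.

# Constructed patterns (assumptions): a quoted literal assigned to a
# secret-looking name, or a PEM private-key header.
PATTERNS="(password|passwd|secret|api[_-]?key|token)[[:space:]]*[:=][[:space:]]*[\"'][^\"']{6,}|BEGIN [A-Z ]*PRIVATE KEY"

# True when the object id is all zeros (Git's marker for "no commit").
is_zero() { case "$1" in *[!0]*) return 1 ;; esac; return 0; }

# Read a unified diff on stdin and print suspicious added lines.
# Returns 1 when at least one is found, 0 otherwise.
scan_added_lines() {
    # Keep "+" lines, drop the "+++ b/file" headers, then match patterns.
    hits=$(grep -E '^\+' | grep -Ev '^\+\+\+ ' | grep -Ei "$PATTERNS" || true)
    if [ -z "$hits" ]; then return 0; fi
    printf '%s\n' "$hits"
    return 1
}

# Hook body: Git writes one "<old> <new> <ref>" line per pushed ref to stdin.
pre_receive() {
    status=0
    while read -r old new ref; do
        if is_zero "$new"; then continue; fi     # ref deletion: nothing to scan
        if is_zero "$old"; then
            set -- "$new" --not --all            # new ref: only commits the server lacks
        else
            set -- "$old..$new"                  # update: every commit in the push
        fi
        # Scan each commit's patch, so a secret added and later removed
        # within the same push is still caught.
        if ! git log -p --format= "$@" | scan_added_lines >&2; then
            echo "push to $ref rejected: possible sensitive data in the lines above" >&2
            status=1
        fi
    done
    return $status
}

# Act as the hook only when installed under the name "pre-receive".
if [ "${0##*/}" = "pre-receive" ]; then pre_receive; exit $?; fi
```

A non-zero exit from a pre-receive hook makes the Git server refuse the whole push, and the lines written to stderr are shown to the developer who pushed.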

@teja7157 FYI, we just released a new version of SEDATED®, with lots of improvements (see below).

https://github.com/OWASP/SEDATED/releases/tag/v1.2.0

SimeonCloutier avatar Jun 17 '20 17:06 SimeonCloutier