Comcast announced that its xGitGuard software will now be available as an open source solution. The tool was an in-house creation made by Dr. Bahman Rashidi, Director of Comcast Cable's Cybersecurity & Privacy Engineering Research team, to "address the global issue of potential authentication secrets being inadvertently uploaded to GitHub."
Comcast notes the xGitGuard solution allows users to scan GitHub "at scale and identify proprietary authentication secrets, specifically passwords, API keys, and tokens." Public code-hosting platforms like GitHub serve as repositories through which developers can share existing code and assets. However, they can also end up hosting, either accidentally or intentionally, proprietary data that was never meant to be shared.
To prevent this eventuality from damaging companies, xGitGuard applies one of two separate models: one for detecting credentials and one for detecting API tokens and keys, Comcast said.
The company claims xGitGuard uses both artificial intelligence and natural language processing to power a "six-step process." That process consists of searching GitHub at scale, filtering results, detecting and extracting secret content, identifying the developer, validating secret content, and then submitting the problematic content for remediation.
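To make the two-model split and the filter/detect/report steps concrete, here is a small added example of a secret detector written for this page. It is not xGitGuard's code and does not reproduce its models: the variable-name patterns, the placeholder list, the 16-character minimum and the 3.0-bit entropy threshold are all assumptions chosen for the constructed sample below. It covers the filtering, detection/extraction and remediation-report steps; the GitHub search and developer-identification steps are left out because they need the GitHub API rather than local text.

```python
"""Added example: a two-model secret detector (credentials vs. API keys/tokens)
with placeholder filtering and a redacted remediation report.
Illustrative code written for this page, not xGitGuard's implementation."""
import math
import re
from dataclasses import dataclass

# Values that commonly appear in docs and samples and are not real secrets (assumed list).
PLACEHOLDERS = {"changeme", "password", "example", "secret", "test", "xxx", "todo"}

# Model 1: credentials. Passwords are often low-entropy, so this detector keys
# on the variable name and accepts any non-blank value.
CRED_PATTERN = re.compile(
    r"(?i)\b([a-z_]*(?:password|passwd|pwd)[a-z_]*)\s*[=:]\s*[\"']?([^\"'\s,;]+)"
)

# Model 2: API keys and tokens. Real keys look random, so this detector requires
# a long value and checks its Shannon entropy before reporting.
TOKEN_PATTERN = re.compile(
    r"(?i)\b([a-z_]*(?:api[_-]?key|token|secret)[a-z_]*)\s*[=:]\s*[\"']?([A-Za-z0-9_\-]{16,})"
)
MIN_TOKEN_ENTROPY = 3.0  # bits per character; an assumed threshold, tune per corpus


@dataclass
class Finding:
    kind: str       # "credential" or "token"
    line_no: int    # 1-based line in the scanned text
    name: str       # variable or key name that triggered the match
    value: str      # the candidate secret (kept only in memory, redacted on output)
    entropy: float  # Shannon entropy of the value, bits per character


def shannon_entropy(value: str) -> float:
    """Bits per character; 0.0 for an empty or single-repeated-character string."""
    if not value:
        return 0.0
    counts: dict[str, int] = {}
    for ch in value:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def detect(text: str) -> list[Finding]:
    """Step 'detect and extract': run both models over every line, collect raw candidates."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in CRED_PATTERN.finditer(line):
            findings.append(Finding("credential", line_no, m.group(1), m.group(2), shannon_entropy(m.group(2))))
        for m in TOKEN_PATTERN.finditer(line):
            findings.append(Finding("token", line_no, m.group(1), m.group(2), shannon_entropy(m.group(2))))
    return findings


def is_placeholder(value: str) -> bool:
    low = value.lower()
    return low in PLACEHOLDERS or len(set(low)) == 1


def filter_findings(findings: list[Finding]) -> list[Finding]:
    """Step 'filter': drop placeholders, and drop token candidates that are not random enough."""
    kept = []
    for f in findings:
        if is_placeholder(f.value):
            continue
        if f.kind == "token" and f.entropy < MIN_TOKEN_ENTROPY:
            continue
        kept.append(f)
    return kept


def scan(text: str) -> list[Finding]:
    return filter_findings(detect(text))


def redact(value: str, keep: int = 4) -> str:
    """Keep a short prefix so the owner can recognise the secret; never echo it in full."""
    return value[:keep] + "*" * (len(value) - keep)


def report(findings: list[Finding]) -> list[str]:
    """Step 'submit for remediation': one ticket-ready line per finding."""
    return [
        f"line {f.line_no}: {f.kind} in '{f.name}' = {redact(f.value)} (entropy {f.entropy:.2f})"
        for f in findings
    ]


# Constructed sample input; none of these values are real secrets.
SAMPLE = """\
# constructed sample, not real code from any project
db_password = "changeme"
password: "S3cr3t-Hunter2!"
api_key = "q8Zx2Lm9VpT4rK7wN1bY6sHd3aGf0eJu"
session_token = "aaaaaaaaaaaaaaaaaaaaaaaa"
example_secret = "xxxxxxxxxxxxxxxxxxxx"
print("nothing to see here")
"""

if __name__ == "__main__":
    for line in report(scan(SAMPLE)):
        print(line)
```

Running the block reports two findings: the real-looking password on line 3 and the high-entropy `api_key` on line 4. The `changeme` password, the all-`a` token and the all-`x` secret are removed by the filter step, which is where most of the noise in a real GitHub-scale scan lives. A production tool would add a validation step (for example, checking whether a key is still live against the issuing service) before opening a ticket.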
xGitGuard has been in use internally at Comcast since 2020, with multiple teams applying its capabilities to maintaining the secrecy of the company's digital assets. The cable provider's Product Security Incident Response Team (PSIRT) has used it to successfully identify and remediate internal code.
Comcast calls xGitGuard "an invaluable tool for supporting [its] secure development lifecycle." Now, it believes the newly open source tool will be strengthened and "continue to evolve" once external developers get their hands on its source code.
Additional details for developers and technicians interested in the xGitGuard tool can be found within the documents posted on its public GitHub page.