Developer Protection

Developer Protection prevents developers from leaking sensitive information such as RSA keys, passwords, and access tokens through the Git version control system. It also detects and warns the developer when using packages with known vulnerabilities.

Developer Protection intercepts git commit commands issued by the developer, and scans all modified files in a Git repository. It prevents the uploading of private information in plain text and vulnerable dependencies from Endpoint Security client computers to public locations.

Developer Protection is supported on Endpoint Security Client release E84.60 and higher.

To configure Developer Protection:

  1. In the Policy view, go to Developer Protection.

  2. Select the Developer Protection mode:

    Option     Explanation
    Off        Developer Protection is disabled. This is the default.
    Detect
    Prevent
    • Information leakage is detected, a log message is generated, and the Commit is blocked.

    • The administrator can examine the audit log Prevent messages of the Application Control component.

    • The developer sees a warning notification on the client computer. The developer can decide to override the notification and allow the traffic (with or without giving a justification).

    • The notification message suggests how to fix the problem. For example, by adding a file to .gitignore, or updating the version in package.json.

  3. Click Save.

  4. Install Policy.

Exclusions to Developer Protection

You can define exclusions to Developer Protection based on the SHA256 hash of the files.

To define an exclusion to Developer Protection:

  1. Click Edit Exclusion.

    The Developer Protection Exclusion window opens.

  2. Click the + sign.

  3. In the SHA256 Hash field enter the SHA256 hash of the file.

  4. Optional: Enter a Description.

  5. Optional: Select Copy to all rules, to copy this exclusion to all existing Developer Protection rules.

  6. Click OK.
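
What a SHA256-based exclusion means in practice, as an added Python sketch (not Check Point's implementation and not code from this page): a scan of the files in a commit skips any file whose hash matches an exclusion, so the exclusion covers one exact version of that file. The detection patterns, function names and sample files are assumptions constructed for illustration.

```python
import hashlib
import re

# Illustrative patterns only (assumption); the product's detection rules
# are not documented on this page.
SECRET_PATTERNS = {
    "private key": re.compile(rb"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "password assignment": re.compile(rb"(?i)password\s*[=:]\s*['\"][^'\"]{4,}['\"]"),
}

def sha256_hex(data: bytes) -> str:
    """SHA256 of the file contents, as lowercase hex."""
    return hashlib.sha256(data).hexdigest()

def scan_commit(files: dict, excluded_hashes: set) -> list:
    """Return (path, finding) pairs for modified files not covered by an exclusion."""
    excluded = {h.lower() for h in excluded_hashes}
    findings = []
    for path, content in sorted(files.items()):
        if sha256_hex(content) in excluded:
            continue  # this exact content was excluded; the path plays no role
        for name, pattern in SECRET_PATTERNS.items():
            if pattern.search(content):
                findings.append((path, name))
    return findings

def commit_allowed(findings: list) -> bool:
    """Prevent-style decision in this sketch: any finding blocks the commit."""
    return not findings

# Constructed sample files (not real secrets).
FIXTURE = (b"-----BEGIN RSA PRIVATE KEY-----\n"
           b"CONSTRUCTED-SAMPLE-NOT-A-KEY\n"
           b"-----END RSA PRIVATE KEY-----\n")
SETTINGS = b'db_password = "constructed-example"\n'

# The test fixture is excluded by the hash of its current contents.
EXCLUSIONS = {sha256_hex(FIXTURE)}

if __name__ == "__main__":
    # Excluded fixture is skipped; the settings file is still reported.
    print(scan_commit({"tests/fixture.pem": FIXTURE, "app/settings.py": SETTINGS}, EXCLUSIONS))
    # One changed byte gives a different hash, so the exclusion no longer matches.
    print(scan_commit({"tests/fixture.pem": FIXTURE + b"\n"}, EXCLUSIONS))
```

Because the hash identifies content rather than a path, an excluded file that is later edited needs a new exclusion, and the same bytes committed under another name match the existing one.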