🖥️Git Windows Vulnerability and Development Environment best Practices

Due to recent vulnerabilities disclosures CVE-2022-24765 CVE-2022-24767, it is highly advised to update your Git version if you use Windows to develop.

Follow this link to download the latest version:https://git-scm.com/download/win.

Tips for securing the development environment

1. Keep up to date Software and Operating system.

2. Use a password manager (recommended BitWarden with offline exports ( keep archived with password). It’s also recommended never to store sensitive information without proper encryption.

3. Don’t run commands using root unless you know what you’re doing, have a strong password for the user.

4. Help avoid CI/CD Pipeline attacks(Think Solarwinds) by using Source Composition analysis on Docker images and IaC(Infrastructure as Code) by using Snyk locally and in the IDE(Integrated development environment)

5. Configure git to use your work email, and learn how to use .gitignore to boost security.

6. Reduce the effects of a data breach by not storing essential secrets in the git repository. use .env files with caution and always prefer a secure outpost for your secrets, such as Git Credential Manager

Reference:https://github.blog/2022-04-12-git-security-vulnerability-announced/