Detecting and removing dangerous secrets on dev workstations before Shai-Hulud does
Summary
The article proposes an open-source, end-to-end workflow for detecting and mitigating clear-text secrets on developer workstations using bagel, Fleet/osquery, and Slack/IdP integrations. It outlines a practical approach, though still a proof of concept, that lets SMBs reduce credential theft risk by automating secret discovery and policy enforcement. It also discusses missing pieces such as signing, notarization, and remediation strategies.