<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Gitleaks on Daffa Abhipraya</title><link>https://blog.abhipraya.dev/tags/gitleaks/</link><description>Recent content in Gitleaks on Daffa Abhipraya</description><generator>Hugo</generator><language>en-us</language><copyright>© Daffa Abhipraya</copyright><lastBuildDate>Mon, 27 Apr 2026 00:00:00 +0700</lastBuildDate><atom:link href="https://blog.abhipraya.dev/tags/gitleaks/index.xml" rel="self" type="application/rss+xml"/><item><title>PPL: Layered Security with Two CI Scanners Plus Four Manual Audits</title><link>https://blog.abhipraya.dev/ppl/part-a/security/</link><pubDate>Mon, 27 Apr 2026 00:00:00 +0700</pubDate><guid>https://blog.abhipraya.dev/ppl/part-a/security/</guid><description>&lt;p>A team that runs only SAST in CI and considers itself &amp;ldquo;secure&amp;rdquo; is checking one corner of a much larger surface. SAST catches the patterns you wrote. It misses runtime configuration drift, secrets accidentally committed, deprecated cipher suites left enabled at the edge, and ports unintentionally exposed at the origin. To go past the CI baseline, we layered &lt;strong>four additional security tools&lt;/strong> on top of what already runs on every MR. One of them caught a real production credential committed to the repository, and the fix shipped the same day. This post walks through the layered audit, what each tool found, and how the tooling stack maps onto the OWASP Top 10 categories.&lt;/p></description></item></channel></rss>