Apart from these secrets, open source code may contain sensitive information that can leak internal system configuration details. This can include hard-coded internal IP addresses and personally identifiable information (PII) in developer comments.
It’s important to clear your GitHub history after removing the sensitive information, because a value deleted in a later commit can still be retrieved from earlier commits, and to implement proper error handling to avoid exposing sensitive data. Additionally, be sure to adhere to the data classification standards and policies at your organization, and follow this practice while writing an open source code base. Check out the Secure Coding Guide to learn more about storing sensitive data.
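A pre-publication check for the two leak types named above, hard-coded internal IP addresses and e-mail addresses (one kind of PII) in developer comments, can look like the following. This is an added example, not code from the guide; the function names, the comment syntaxes it recognizes, and the sample input are assumptions made for illustration.

```python
import ipaddress
import re

# Dotted quads not embedded in a longer number; validity is checked by ipaddress below.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Assumed comment syntaxes: '#', '//', '--', '/*' and '*' continuation lines.
COMMENT_RE = re.compile(r"(#|//|--|/\*|^\s*\*).*")

# Constructed sample input, not taken from any real repository.
SAMPLE = """\
# Deploy notes: ping jane.doe@example.com if the job fails
DB_HOST = "10.20.30.40"  # staging database
RESOLVER = "8.8.8.8"
VERSION = "1.2.3.4"
/* fallback proxy 192.168.1.15
 * owner: ops-lead@example.org */
contact = "support@example.com"
"""


def internal_ips(text):
    """Return IPv4 literals in text that ipaddress classifies as private."""
    found = []
    for match in IPV4_RE.finditer(text):
        try:
            ip = ipaddress.ip_address(match.group())
        except ValueError:
            continue  # e.g. 999.1.1.1 is not an address
        if ip.is_private:  # RFC 1918, loopback, link-local and similar ranges
            found.append(str(ip))
    return found


def scan(source, path="<memory>"):
    """Return (path, line, kind, value) findings for one file's text."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for ip in internal_ips(line):
            findings.append((path, lineno, "internal-ip", ip))
        comment = COMMENT_RE.search(line)
        if comment:  # e-mail addresses are only reported inside comments
            for email in EMAIL_RE.findall(comment.group()):
                findings.append((path, lineno, "pii-email", email))
    return findings


if __name__ == "__main__":
    for path, lineno, kind, value in scan(SAMPLE, "app.py"):
        print(f"{path}:{lineno}: {kind}: {value}")
```

Public addresses and version strings such as `1.2.3.4` are not reported, and the e-mail on the last sample line is skipped because it sits in a string literal rather than a comment.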
Secure coding guide
This guide walks you through the most common security issues Salesforce has identified while auditing applications built on or integrated with the Lightning Platform.
Minimize external dependencies
If possible, minimize the use of external dependencies in your open source code. Adding external libraries or dependencies means you are relying on third party library developers for the quality control of their code, but they may no longer actively develop and maintain these libraries. By using external libraries, you increase your risk and add potential attack surfaces in your open source software.
Lock down third party libraries
To ensure you are using the most secure external dependencies (e.g., third party libraries and code), it’s crucial to establish a regular schedule to review and update them with the latest releases and security patches. Vulnerabilities in outdated versions can be exploited by malicious actors, leading to potential security breaches. When integrating third party libraries, keep a list of all the external libraries integrated in the code and be sure to verify their security record, track vulnerability databases, review their community support, and ensure the libraries are actively maintained.
Remove sensitive data and information