Comcast’s xGitGuard open-source code protection tool

Comcast is launching a new software tool, xGitGuard, as an open source project for the community at large. The tool is designed to proactively search GitHub's open-source repositories for code and secrets that are supposed to remain proprietary.

The idea behind xGitGuard is to provide an automated way of checking GitHub repositories for code that shouldn't be there, an important consideration for modern development teams given the growing use of open source code. The tool uses NLP (natural language processing), AI modeling and other advanced techniques to programmatically identify and validate secrets posted on GitHub, and to identify the developer accounts that posted them.

According to Bahman Rashidi, director of Comcast's cybersecurity and privacy engineering research team, the main advantage of xGitGuard is its flexibility: it can be used both retroactively, to detect secrets that have already been uploaded, and proactively, to check code before it is released.

“Obviously, proactive is the ideal use case from a security perspective, but there’s a lot of flexibility,” Rashidi says. “The tool can be used both by individual users on their servers/machines (e.g. developers can also scan local files and directories) or deployed at an organization level in a cloud.”

Comcast claims that the tool is over 90% accurate at distinguishing secrets from non-secret text, and says the company has been using xGitGuard for some time so that it can take advantage of GitHub as a software development resource while keeping its proprietary code separate.
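To make the "secret versus non-secret text" distinction concrete, here is a small heuristic scanner that covers both modes the article describes: a retroactive pass over a local checkout, and a proactive pass over only the lines a patch adds (the kind of check a pre-commit or CI hook would run). This is an added illustration, not xGitGuard's code or the article's; xGitGuard uses NLP models rather than the fixed regex, length and entropy thresholds assumed here, and the sample configuration text and diff are constructed (the hex value is simply sha256 of the word "test", not a real credential).

```python
"""Toy secret detector in the style of a GitHub secret scanner (added example, not xGitGuard).

Assumed heuristics: a key-like variable name, a value of at least MIN_LEN characters with
Shannon entropy of at least MIN_ENTROPY bits per character, and no obvious placeholder text.
"""
import math
import re
from pathlib import Path

MIN_LEN = 16       # assumed threshold: shorter values are rarely machine-generated keys
MIN_ENTROPY = 3.5  # assumed threshold in bits/char; hex tops out at 4.0, base64 at 6.0

# Assignment of a key-like name to a bare or quoted value, e.g. api_key = "..."
ASSIGNMENT = re.compile(
    r"(?P<name>[A-Za-z0-9_.-]*(?:key|secret|token|passw(?:or)?d|pwd|credential)[A-Za-z0-9_.-]*)"
    r"\s*[:=]\s*"
    r"['\"]?(?P<value>[A-Za-z0-9+/=_\-.]{8,})['\"]?",
    re.IGNORECASE,
)

# Substrings that mark a value as documentation or a stand-in rather than a live secret.
PLACEHOLDER_MARKERS = ("example", "changeme", "your_", "your-", "xxx", "todo", "placeholder", "dummy")

# Constructed sample inputs (not real credentials). The hex value is sha256("test").
SAMPLE_CONFIG = (
    "DEBUG = True\n"
    'AWS_SECRET_ACCESS_KEY = "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"\n'
    'db_password = "changeme"\n'
    "api_token = <your-token-here>\n"
)
SAMPLE_DIFF = (
    "--- a/app/settings.py\n"
    "+++ b/app/settings.py\n"
    "@@ -1,2 +1,3 @@\n"
    " DEBUG = False\n"
    '-slack_token = ""\n'
    '+slack_token = "kJ8xQ2mT7vLp0RaE3nWz9bYc5dFgH1sU"\n'
    "+timeout = 30\n"
)


def shannon_entropy(s: str) -> float:
    """Bits per character of the empirical character distribution of s."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_like_secret(value: str) -> bool:
    """Separate likely secrets from non-secret text: placeholder check, then length and entropy."""
    if any(marker in value.lower() for marker in PLACEHOLDER_MARKERS):
        return False
    return len(value) >= MIN_LEN and shannon_entropy(value) >= MIN_ENTROPY


def redact(value: str) -> str:
    """Keep just enough of the value to locate it without re-leaking it in a report."""
    return value[:4] + "..." + value[-2:]


def scan_text(source: str, text: str) -> list:
    """Retroactive mode: scan a whole file body, at most one finding per line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = ASSIGNMENT.search(line)
        if m and looks_like_secret(m.group("value")):
            findings.append({"source": source, "line": lineno,
                             "name": m.group("name"), "value": redact(m.group("value"))})
    return findings


def scan_directory(root: Path) -> list:
    """Retroactive mode over a local checkout (the 'scan local files and directories' case)."""
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or ".git" in path.parts:
            continue
        try:
            text = path.read_text(encoding="utf-8")
        except UnicodeDecodeError:
            continue  # binary file; a real scanner would handle these separately
        findings.extend(scan_text(str(path.relative_to(root)), text))
    return findings


def scan_diff(diff_text: str) -> list:
    """Proactive mode: check only the lines a patch adds, as a pre-commit or CI hook would."""
    findings = []
    for lineno, line in enumerate(diff_text.splitlines(), start=1):
        if line.startswith("+") and not line.startswith("+++"):
            for f in scan_text("diff", line[1:]):
                f["line"] = lineno  # report the position within the diff itself
                findings.append(f)
    return findings


if __name__ == "__main__":
    for finding in scan_text("config.py", SAMPLE_CONFIG) + scan_diff(SAMPLE_DIFF):
        print(finding)
```

Run against the constructed samples, the scanner reports the high-entropy `AWS_SECRET_ACCESS_KEY` value and the `slack_token` added by the diff, while ignoring `changeme`, the `<your-token-here>` placeholder and the removed line. The placeholder list and thresholds are where a regex-and-entropy approach accumulates false positives and negatives, which is the gap a model-based classifier such as the one the article describes is meant to close.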

“The problem that xGitGuard was designed to solve is pervasive, so we thought it was a great candidate for making available as open source,” Rashidi says. “GitHub is such a vital tool for developers, and so many people use it, that we really hope that as many people/small or large organizations as possible will use this technology.”

This isn't the company's first foray into the world of open-source software: Comcast has published more than 200 public repositories on GitHub. Some of the most prominent include a content delivery network software framework called Traffic Control, an automated server maintenance tool called Bynar, and a Rust-based network functions development framework called Capsule. Two other projects, the Prometheus dashboard accelerator Trickster and the Kubernetes cluster testing framework Kuberhealthy, were accepted into the Cloud Native Computing Foundation's sandbox program last year.