GitHub Reduces Secret Scanning False Positives with LLM Verification
GitHub Blog3 days agoReleaseGitHub describes an improvement to secret scanning that uses context-aware LLM reasoning during verification, after candidate secrets are detected. Instead of sending whole files or repositories to a model, the system extracts focused usage signals, such as whether a value flows into authentication, API, database, or cloud SDK code. In tests on customer-confirmed false positives, GitHub reports a 75.76% reduction, above its 65% target, while preserving detection coverage.
Hugging Face 與 JFrog 攜手合作,提升 AI 安全與軟體供應鏈透明度★ 70
Hugging Face Blog467 days agoBusinessWith the explosive growth of generative AI and open-source models, an increasing number of enterprises are integrating models from Hugging Face into their core…
Hugging Face 與 Truffle Security 合作,引進 TruffleHog 自動掃描並防範金鑰洩漏★ 70
Hugging Face Blog648 days agoReleaseHugging Face has officially announced a partnership with the well-known cybersecurity company Truffle Security, integrating the open-source credential scanning…