Git history is the full record of a repository’s past commits, branches, and file changes. Even when a developer deletes a secret from the latest version of a file, earlier commits can still contain the original password, API key, SSH key, or configuration value. In other words, “cleaning up” the current code does not automatically remove evidence from the repository’s timeline.
This matters because attackers often inspect Git history after gaining access to source code. Old commits can reveal credentials, internal hostnames, build scripts, deployment steps, and other details that help them move deeper into an environment. Defenders rely on secret scanning, commit rewriting when necessary, token rotation, and access controls to reduce this risk. In incident response, checking Git history is essential whenever source code exposure is suspected, because a leak may become a wider secrets or supply-chain problem even if the latest code looks harmless.