Latest Videos

Introducing GitGuardian Honeytoken Deployment Jobs

With GitGuardian Honeytoken Deployment Jobs, you can quickly add honeytokens to any private repo with just a few clicks. In this new automated process, GitGuardian will check the type of code in the repo and, based on the context, generate a new file populated with a unique honeytoken. It will then create a new merge request ready for your team's review so you can add in a honeytoken with very little effort.

What are secrets? Why hardcoded secrets are a security risk. Explained in 60 seconds

Secrets like API keys, certificates, and credential pairs are used throughout modern software development. However, they pose a significant risk, as attackers are always after them to gain unauthorized access to our systems. This video explains in 60 seconds why hardcoding secrets or storing them insecurely is a security issue. The video also covers some tools you can use to manage your secrets or to scan your source code for secrets.

What is IaC? Infrastructure as code explained in 60 seconds

IaC, or infrastructure as code, is the codifying of our infrastructure. It takes the manual tasks that a sysadmin would have done and makes them repeatable and scalable. IaC can be declarative or descriptive and uses lots of different tools, like Terraform, Ansible, and Puppet, to name a few. This video explains what IaC is and how it works in 60 seconds.

Cloudflare breach - How the Okta attack led to Cloudflare systems getting hacked: Breach Breakdown

In this video, we drill down into the recent breach of Cloudflare systems, including how attackers were able to use stolen credentials from the Okta attack to move laterally and hack the Cloudflare internal Atlassian server. The security incident shows the dangers of secrets sprawl, not only in internal systems but also in the supply chain, leading to potential data leaks.

Securing the Gateway - Mastering API Security in the Modern Web Landscape

APIs are the backbone of modern web applications, yet we rarely assess security beyond the traditional WAFs and gateways. In fact, a recent scan of over 1.5k GraphQL endpoints revealed a staggering 46,000+ security issues and sensitive data leaks, all accessible without authentication, with 10% classified as critical. Because APIs are so widely used by developers, they have now become a favored attack vector for threat actors.

GitGuardian Honeytoken For Peace Of Mind

GitGuardian Honeytokens can help you stay safe as you tackle secrets sprawl at scale. Deploying GitGuardian honeytokens into all of your repositories will give you an immediate warning system, letting you know when someone scans your repos or if they get leaked onto the public internet. Dealing with a large number of incidents is already challenging enough. Use GitGuardian honeytokens to buy some peace of mind while you work to eliminate secrets sprawl.

What is SCA (Software Composition Analysis) software?

SCA, or Software Composition Analysis, is an important security tool that helps you understand how your application is made up. Our software is built from open-source components, and these components can have vulnerabilities or simply be malicious. SCA scans our applications to identify these components and lets us know if there are vulnerabilities or issues within them. In this short video, we explain what SCA tools are and how they work, as well as their role in application and cyber security.

Store API keys and other secrets securely in python using env variables

In this Tech Tip Tuesday video, we share how to securely store secrets like API keys or other credentials in environment variables. To do this, we use the Python dotenv project to store secrets in a .env file and load them into local memory. Subscribe for more tech tips, on Tuesdays and other days.