We understand the struggle of securing sensitive data—API tokens, cloud credentials, and database URLs have a knack for slipping into the public eye, be it in code repositories, CI job logs, or unexpected corners like Jira tickets. We've been championing this cause since 2017, scouring over a billion public GitHub commits last year alone and uncovering a staggering 10 million in 2022. We've gone beyond reports, beyond thought leadership, to unveil a real solution: HasMySecretLeaked!

Embark on an exciting journey into the realm of ethical hacking with our webinar, "Crack the Code: A Beginner's Guide to Ethical Hacking." Join Sonya Moisset of Snyk as we unveil the mysteries of cybersecurity and provide you with the tools to protect your digital assets.

In this video we look at how to effectively use the dotenv npm package to securely use secrets like API keys by loading them into your project as environment variables. To do this we first place our secrets in a.env file and the dotenv project will load these in as env variables.

Did you know that you can use ggshield to scan docker images for secrets? Many Docker images get shared through places like Dockerhub, and sometimes, images get shared unexpectedly, such as when you have a code leak. We built the `ggshield secret scan docker` command to help. With one simple command, anyone on your team can quickly detect any hardcoded credentials inside a docker image.

Did you know that GitGuardian can add comments directly to your GitHub pull requests and even stop a PR from succeeding if it contains any hardcoded secrets? When a new pull request is created, a new check run is performed, and GitGuardian will scan through each commit inside the PR, not just the most recent one. If someone added a secret to an early commit, but then removed it right before making the PR, you still need to know it is present in the git history so you can address it.

Are you building your applications on Azure? Good news, it is now easier than ever to integrate GitGuardian with Azure repos. Azure is one of the most popular cloud platforms out there. Now, GitGuardian users can integrate their Azure Repos in two different ways: at the organization level or the instance level.

Many teams choose to mark incidents as resolved once the secret involved has been revoked or rotated. With the GitGuardian auto-resolution playbook, you can automate the remediation process, saving you a step any time a credential becomes invalid. This works for both real-time detection and all historical incidents whenever an incident is re-checked for validity.

In this webinar, we are joined by Varun Sharma and Ashish Kurmi, founders of StepSecurity. StepSecurity is a pioneer in runtime security for CI/CD pipelines. Given that CI/CD is a high-privileged environment that builds release artifacts and has admin cloud credentials, there has been an increase in attacks on CI/CD pipelines. The importance of CI/CD Security has been underlined by recent guidance from the Cybersecurity & Infrastructure Security Agency (CISA) and the National Security Agency (NSA)

Did you know you can add custom detectors to make GitGuardian Secrets Detection even more powerful? GitGuardian already looks for over 390 different types of specific secrets - from Adobe and AWS keys to Zoom and Zendesk Tokens. That's on top of looking for over a dozen generic patterns like Bearer tokens and JSON web tokens. Now, anyone on a Business plan or higher can request to extend GitGuardian's secrets detection engine to support detectors specific to their organization.

We are proud to introduce Infra as Code Security in The GitGuardian Platform. GitGuardian can now automatically scan connected GitHub or GitLab repositories for IaC template files like Terraform and CloudFormation and alert you about any misconfigurations affecting your AWS, Azure, and GCP deployments, your Kubernetes clusters, and Docker containers.