Latest Videos

Detect Secrets In Docker Images With ggshield - The GitGuardian CLI

Did you know that you can use ggshield to scan Docker images for secrets? Many Docker images get shared through places like Docker Hub, and sometimes, images get shared unexpectedly, such as when you have a code leak. We built the `ggshield secret scan docker` command to help. With one simple command, anyone on your team can quickly detect any hardcoded credentials inside a Docker image.

GitGuardian Can Update Pull Requests With GitHub Check Runs

Did you know that GitGuardian can add comments directly to your GitHub pull requests and even stop a PR from succeeding if it contains any hardcoded secrets? When a new pull request is created, a new check run is performed, and GitGuardian will scan through each commit inside the PR, not just the most recent one. If someone added a secret to an early commit, but then removed it right before making the PR, you still need to know it is present in the git history so you can address it.

Integrate GitGuardian With Your Azure Repos

Are you building your applications on Azure? Good news, it is now easier than ever to integrate GitGuardian with Azure repos. Azure is one of the most popular cloud platforms out there. Now, GitGuardian users can integrate their Azure Repos in two different ways: at the organization level or the instance level.

Auto-resolve Incidents When Valid Secrets Are Revoked With GitGuardian Playbooks

Many teams choose to mark incidents as resolved once the secret involved has been revoked or rotated. With the GitGuardian auto-resolution playbook, you can automate the remediation process, saving you a step any time a credential becomes invalid. This works for both real-time detection and all historical incidents whenever an incident is re-checked for validity.

Hands-on guide to Runtime Security for CI/CD Pipelines with StepSecurity

In this webinar, we are joined by Varun Sharma and Ashish Kurmi, founders of StepSecurity. StepSecurity is a pioneer in runtime security for CI/CD pipelines. Given that CI/CD is a high-privileged environment that builds release artifacts and has admin cloud credentials, there has been an increase in attacks on CI/CD pipelines. The importance of CI/CD Security has been underlined by recent guidance from the Cybersecurity & Infrastructure Security Agency (CISA) and the National Security Agency (NSA).

Add Your Own Custom Secrets Detectors To GitGuardian

Did you know you can add custom detectors to make GitGuardian Secrets Detection even more powerful? GitGuardian already looks for over 390 different types of specific secrets - from Adobe and AWS keys to Zoom and Zendesk Tokens. That's on top of looking for over a dozen generic patterns like Bearer tokens and JSON web tokens. Now, anyone on a Business plan or higher can request to extend GitGuardian's secrets detection engine to support detectors specific to their organization.

Introducing Infra as Code Security in The GitGuardian Platform

We are proud to introduce Infra as Code Security in The GitGuardian Platform. GitGuardian can now automatically scan connected GitHub or GitLab repositories for IaC template files like Terraform and CloudFormation and alert you about any misconfigurations affecting your AWS, Azure, and GCP deployments, your Kubernetes clusters, and Docker containers.

Customize Your Automated Incident Severity Scoring Rules In GitGuardian

GitGuardian has always made it easy to triage secret leak incidents. Now, with custom severity rules, you can automate how GitGuardian labels the criticality of each incident. Fine-tune the pre-built scoring definitions and add your own custom rules that help your team with your particular requirements.

Submit Your Incident Feedback Directly In The GitGuardian Dashboard

GitGuardian is making it easier and safer than ever to gather feedback about secret leakage incidents. We have added a feedback form directly to the GitGuardian dashboard incident detail view, allowing your team to provide more info about the incident, including confirming if it's an actual secret, if it gives access to any sensitive info, if it has been revoked, as well as any other relevant details.