Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In this in-depth walkthrough, we will show you how to turn ggshield, the GitGuardian CLI, into a practical guardrail for keeping secrets out of your code and CI pipelines. You’ll see exactly how to install and authenticate ggshield, then use it to scan repositories, local paths, archives, Docker images, PyPI packages, and CI environments for hardcoded credentials. We’ll also walk through configuring Git hooks with ggshield install.

GitGuardian Playbooks are now available for Public Incidents, bringing the same powerful automations used in internal monitoring to leaks in public repos. Playbooks now available for Public Monitoring customers.

Ship fewer secrets with your code. In this video we walk you through installing and using the GitGuardian IDE extension in Visual Studio Code, Cursor, Antigravity, Windsurf, and any VS Code compatible editor. You will see how the extension uses ggshield, the GitGuardian command line tool, to scan for 500+ types of secrets and catch plaintext credentials as soon as you save a file, long before they can be committed.

GitGuardian users can now revoke certain valid secrets directly from incident pages in seconds, eliminating the need to switch between multiple tools and platforms when the danger is very real. As attackers move faster than ever, security teams and developers need better tools and methods to ensure their most prized secrets can be invalidated in seconds, halting any attackers who might have stolen them or discovered them leaked publicly.

Learn about our NHI Governance capabilities providing complete asset visibility, OWASP Top 10 compliance, and how we're tackling AI challenges where coding agents replicate exposed secrets at scale.

Our security researcher Gaetan Ferry shared his take on the recent supply chain attacks with Mackenzie Jackson @TheSecureDisclosure.

In this video, you will learn how to cut through the noise and prioritize your GitGuardian incidents with confidence. From understanding incident fields to using filters, views, and severity scoring, this walkthrough shows you exactly how to focus on what matters most. Take control of your backlog and streamline remediation to strengthen your team’s security posture. Chapters.

In this video, we'll cover GitGuardian Playbooks and how to manage them in your workspace. We know that time is critical when a secrets incident occurs. That's why our platform allows you to quickly and easily automate steps of the incident response process. We call these automations "Playbooks".

GitGuardian has uncovered GhostAction, a massive supply chain attack targeting 327 GitHub users and 817 repositories. Attackers injected malicious workflows that exfiltrated over 3,325 secrets, including npm, PyPI, and DockerHub tokens. Watch as GitGuardian's Senior Cybersecurity Researcher, Guillaume Valadon breaks down how this campaign unfolded, what was stolen, and what developers need to know to stay safe.

Discover the chilling details of the Nx “s1ngularity” supply chain attack. On August 26, 2025, the massively popular Nx npm package, with millions of weekly downloads, was compromised with credential‑harvesting malware.