|
By Ferdinand Boas
Learn how one of Europe's largest healthcare tech leaders transformed their Secrets Security with GitGuardian, cutting incidents by half without compromising developer productivity.
|
By Ferdinand Boas
A look back at 2024: A year of breakthroughs, advancements, and unwavering commitment to elevating NHI and secrets security for organizations.
|
By Dwayne McDaniel
Learn about OWASP’s newest focus on Non-Human Identities and how to mitigate risks like secret leakage, overprivileged NHIs, and insecure authentication with GitGuardian.
|
By Thomas Forbes
Everything you were too afraid to ask about Docker, containers, and their fundamental building blocks: layers. Understanding how layers work naturally leads to a more efficient method of packing images, ultimately speeding up your deployments.
|
By Gaetan Ferry
While Artifactory tokens aren't the most common leaked secrets, GitGuardian's research reveals their critical nature in corporate environments. Recent investigations across major industries show how these tokens frequently expose sensitive resources through build configurations and DevOps code.
|
By Guillaume Valadon
The U.S. Department of the Treasury suffered a major security incident when a Chinese threat actor compromised its third-party cybersecurity service BeyondTrust. The attackers obtained an API key that allowed them to bypass security measures and access unclassified documents.
|
By C. J. May
In this blog post, we will explore the intricate world of detection engineering. We’ll start by examining the inputs and outputs of detection engineering, and then we’ll illustrate the detection engineering lifecycle.
|
By C. J. May
Configuration management tools like Ansible, Chef, and Puppet offer various methods for handling secrets, each with inherent trade-offs. The article explores these approaches alongside modern OIDC-based solutions that enable short-lived authentication tokens for automated processes.
|
By Dwayne McDaniel
The future of eliminating secrets sprawl means getting a handle on the lifecycles and interdependencies of the non-human identities that rely on secrets. Learn how to implement these NHI security measures at scale.
|
By Ferdinand Boas
Secrets with excessive permissions are a goldmine for attackers. GitGuardian Secrets Analyzer helps security teams identify overprivileged secrets, analyze permissions, and shrink the attack surface.
|
By GitGuardian
We are proud to announce that Bitbucket Cloud users can now leverage the GitGuardian Secrets Detection platform to find hardcoded secrets throughout their existing codebases and actively monitor any code changes for newly leaked credentials. We have supported Bitbucket Data Center and Server for years, but now, teams managing code on bitbucket.org can reap those same benefits. Integration is very simple and straightforward.
|
By GitGuardian
We are excited to announce that Jira Data Center users can now leverage GitGuardian to perform real-time scanning for secrets in issues and comments. We have supported Jira Cloud with real-time scanning for some time, and now that support extends to teams that run their own private versions of the popular project management tool for planning, tracking, and releasing work. You can install GitGuardian on multiple Jira Data Center sites to monitor your projects.
|
By GitGuardian
It is now easier than ever to receive GitGuardian incident alerts directly in any Microsoft Teams channel you want. Introducing the new Microsoft Teams GitGuardian app. If your organization relies on MS Teams to coordinate incident response, it makes sense to get alerts for new incidents as soon as they occur in that same communications platform. After setup, whenever a new incident is detected by GitGuardian, you will get the alert directly in MS Teams.
|
By GitGuardian
Introducing the GitGuardian Secret Analyzer. GitGuardian has always helped you find your leaked secrets, but now GitGuardian can also quickly reveal the permissions of your secrets. One of the first questions any security team needs to ask itself when a secret is leaked is "What exactly could an attacker do with it?" Does it grant read-only access or does it have permissions to write or delete data? At the same time, understanding the correct scope needed for replacing a credential can take a long time, as all too often, the permissions originally granted are poorly documented, if at all.
|
By GitGuardian
If you are using ServiceNow for centralized incident management and SecOps, we have some good news. You can now configure ServiceNow issues to synchronize with GitGuardian incidents. Once configured, you will be able to send incident data from GitGuardian and map it to ServiceNow issues, triggering your preferred workflows. And, if properly configured, you can update GitGuardian incidents directly from ServiceNow issues.
|
By GitGuardian
We are proud to announce our new Auto-ignore false positive playbook. We've added this new automated playbook to the GitGuardian Secret Detection platform to eliminate false positives from your incident queue and help you focus on actionable alerts. In the summer of 2024, we released FP remover, our internal machine learning model that can significantly reduce false positives by understanding code context and semantics. In our testing, it eliminates up to 80% of false positives.
|
By GitGuardian
We're updating your GitGuardian Workspace user interface, introducing a new sidebar experience to make it even easier to navigate and take advantage of our secrets detection platform. We look forward to you using the updated GitGuardian UI to help eliminate secrets sprawl in your organization.
|
By GitGuardian
Check out this insightful discussion on the realities of secrets management, featuring Grace Law, Principal Security Engineer in Application Security at a large insurance company, and Chris Smith, Product Marketing Director for Machine Identities & DevSecOps at CyberArk. Together, they’ll share real-world experiences and strategies for overcoming the most pressing challenges in secrets management and security.
|
By GitGuardian
ARMO, a cloud-native security company, has been able to strengthen its security posture and ensure the protection of its client's data, thanks to GitGuardian. The company's CTO and co-founder, Ben Hirschberg, shared his experience of how GitGuardian has helped them close a significant security gap and instill a culture of security awareness throughout the organization.
|
By GitGuardian
This white paper outlines our Secrets Management Maturity Model, a model to help your organization make sense of its actual posture and how to improve it.
|
By GitGuardian
In this report from Forrester, you will learn how to get better at using Application Security Testing to heighten your developers' security senses.
|
By GitGuardian
Discover Application Security solutions to further secure the SDLC by implementing automated secrets detection in the DevOps pipeline.
|
By GitGuardian
In this document, we go beyond classical definitions of DevSecOps to express our vision of an emerging collaboration between Developers, AppSec, and Ops teams: the AppSec Shared Responsibility Model.
GitGuardian is the code security platform for the DevOps generation. With automated secrets detection and remediation, our platform enables Dev, Sec, and Ops to advance together towards the Secure Software Development Lifecycle.
Secure your software development lifecycle with enterprise-grade secrets detection. Eliminate blind spots with our automated, battle-tested detection engine:
- There’s no secret we can’t find: With hundreds of built-in secret detectors scanning thousands of git repositories, GitGuardian brings everything to light. Build custom detectors to enhance your scans for secrets unique to your organization.
- Precise, real-time detection without the hassle: High-efficiency detection proven by billions of commits. GitGuardian is fast, robust, and battle-tested — we’ve scanned over 3 billion commits pushed to public GitHub repositories since 2018.
- Remediation in hours, not days: GitGuardian unites developer and security teams with cross-functional data for in-depth investigation and remediation. Enable shift-left testing using your existing systems, teams, and processes.
Keep secrets out of your source code.