Paris, France
2017
  |  By Henri Hubert
GitGuardian is now live on the Kiro Powers marketplace. Install the Power once, and Kiro's agent scans for exposed secrets automatically every time it writes or modifies code that handles credentials.
  |  By Soujanya Ain
Cloud keys, shell history, SSH keys, AI agent caches: a complete inventory of where credentials hide on a developer's machine, and why infostealers go looking there.
  |  By Dwayne McDaniel
Explore cloud security lessons from IEEE Cloud Summit 2026, including agentic AI risks, over-permissioned identities, Kubernetes policy, and forensics.
  |  By Guest Expert
While organizations invest in secrets management solutions like AWS Secrets Manager—a fully managed service for storing, rotating, and retrieving credentials—security teams still face a fundamental challenge: you can’t secure what you can’t see.
  |  By Dwayne McDaniel
AI assistants are repeating a common Git mistake: committing fixes that remove secrets only from the latest code, not from repository history. GitGuardian AI Skills can help.
  |  By Guillaume Valadon
We found 62 live PyPI tokens leaking on public sources, enough to push malicious code to 125 packages with 25,000 monthly downloads. We reported them to PyPI, which revoked every one. Here's how we decoded the macaroons and checked which still worked.
  |  By Dwayne McDaniel
This year's event made it clear that as AI agents scale across enterprises, we must solve ownership, delegation, least privilege, and auditability before production risk grows.
  |  By Dwayne McDaniel
Sessions at BSidesSATX 2026 connected runtime secrets, cloud identity permissions, compliance evidence, and, ultimately, the human side of security.
  |  By Valentin Murat
GitGuardian helps security teams detect leaked secrets across dozens of integrations, all converging in one place: our dashboard. As our data volume grew, some pages started taking several seconds to load.
  |  By GitGuardian
GitGuardian is introducing Developer Endpoint Protection, extending its secrets and non-human identity (NHI) security platform coverage to developer workstations.
  |  By GitGuardian
Every secret leak matters, but not every incident needs the same level of alerting. GitGuardian’s new Smart Notifiers let teams define per-channel rules so notifications are only sent for the incidents that matter most, using filters like severity, ML risk score, validity, secret type, and GitGuardian tags. This is available now for custom webhooks, Slack, and Microsoft Teams. We will be adding support for ServiceNow, Jira, Splunk, PagerDuty, Discord, and broader email filtering coming next.
  |  By GitGuardian
ggshield 1.52.0 and 1.52.2 bring several practical updates for teams securing AI-assisted development workflows. This release adds honeytoken plant, a command for adding local decoy AWS credential profiles Also, GitGuardian AI hooks installation will guide you through any issues you might encounter. As well as better macOS Keychain handling before hooks run in non-interactive agent sessions. The release also adds standalone Linux ARM builds and new one-line install and uninstall scripts for Linux, macOS, and Windows.
  |  By GitGuardian
GitGuardian Developer Endpoint Protection helps security teams find secrets across any of your organization's laptops. In this walkthrough, Dwayne shows how to install ggshield, enable the machine scan plugin, run a local workstation scan, and review findings in the local dashboard.
  |  By GitGuardian
This white paper outlines our Secrets Management Maturity Model, a model to help your organization make sense of its actual posture and how to improve it.
  |  By GitGuardian
In this report from Forrester, you will learn how to get better at using Application Security Testing to heighten your developers' security senses.
  |  By GitGuardian
Discover Application Security solutions to further secure the SDLC by implementing automated secrets detection in the DevOps pipeline.
  |  By GitGuardian
In this document, we go beyond classical definitions of DevSecOps to express our vision of an emerging collaboration between Developers, AppSec, and Ops teams: the AppSec Shared Responsibility Model.

GitGuardian is the code security platform for the DevOps generation. With automated secrets detection and remediation, our platform enables Dev, Sec, and Ops to advance together towards the Secure Software Development Lifecycle.

Secure your software development lifecycle with enterprise-grade secrets detection. Eliminate blind spots with our automated, battle-tested detection engine:

  • There’s no secret we can’t find: With hundreds of built-in secret detectors scanning thousands of git repositories, GitGuardian brings everything to light. Build custom detectors to enhance your scans for secrets unique to your organization.
  • Precise, real-time detection without the hassle: High-efficiency detection proven by billions of commits. GitGuardian is fast, robust, and battle-tested — we’ve scanned over 3 billion commits pushed to public GitHub repositories since 2018.
  • Remediation in hours, not days: GitGuardian unites developer and security teams with cross-functional data for in-depth investigation and remediation. Enable shift-left testing using your existing systems, teams, and processes.

Keep secrets out of your source code.