|
By Soujanya Ain
GitGuardian's NHI Governance now adds privilege context to leaked secrets, auto-escalating admin-level risks for smarter prioritization across AWS, Entra, and Okta. Discover how admin badges and overprivilege detection cut through noise to focus on true blast radius.
|
By Dwayne McDaniel
GCSI 2026 showed why cyber readiness depends on visibility into vendors, AI tools, identities, workflows, and hidden business dependencies.
|
By Dwayne McDaniel
Modern developer environments expose sensitive context across files, prompts, logs, and commands. Learn how layered local controls reduce secrets risk.
|
By Anna Nabiullina
Build an identity and access management strategy for non-human identities. Secure service accounts, workloads, and machine identities in the cloud.
|
By Guillaume Valadon
7 stolen GitHub tokens. 971 repositories. A self-replicating supply chain attack targeting SAP's Node.js packages — and it's still active. Here's what GitGuardian found.
|
By Gaetan Ferry
LLMs leave statistical fingerprints in the passwords they generate. We built a 100-year-old model to find them and detected 28,000 in the wild.
|
By Dwayne McDaniel
Understand where short-lived credentials reduce risk in agentic systems and where operational complexity requires stronger monitoring and governance controls.
|
By Ben MartinMooney
The Mythos-ready briefing names secrets rotation, NHI governance, and honeytokens as critical controls. Zero-days don't replace credential attacks; they accelerate them. Credential security deserves to move up every CISO's priority list.
|
By Guillaume Valadon
Three supply chain attacks hit npm, PyPI, and Docker Hub between April 21–23, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD pipelines.
|
By Dwayne McDaniel
This year's Denver OWASP event showed why modern AppSec depends on secure defaults, stronger provenance, and security controls that appear where developers make decisions.
|
By GitGuardian
While not a new feature, the GitGuardian team has been hard at work making updates to our TokenScanner, the underlying engine that powers GitGuardian's secret scanning ability. This is great news for folks dealing with very large repos and legacy platforms that thousands of developers have touched over the years. Scanning millions of files, attachments, commits, and anywhere else secrets might be hiding takes minutes. Historical scans across petabytes of information, which used to take days, now take less than an hour. What used to take hours takes a few short minutes.
|
By GitGuardian
Read the full report here (no email sign up required).
|
By GitGuardian
Download the report now, not gated: https://www.gitguardian.com/state-of-secrets-sprawl-report-2026
|
By GitGuardian
In April, three major supply chain campaigns hit npm, PyPI, and Docker Hub in just 48 hours, and while the ecosystems were different, the objective was the same: steal credentials from developer environments and CI/CD pipelines. The malware targeted API keys, cloud credentials, SSH keys, GitHub tokens, npm tokens, environment variables, and more, turning developer machines and build systems into high-value credential vaults for attackers.
|
By GitGuardian
See how the GitGuardian Assistant helps teams investigate, understand, and remediate secret incidents directly from the GitGuardian workspace. In this preview, Mathieu and Dwayne walk through how the assistant uses incident context, workspace details, and GitGuardian documentation to answer questions, suggest next steps, and help manage incidents through natural language. It can explain threat patterns, assess scope and impact, recommend remediation steps, assign incidents, update tags, and propose changes to incidents.
|
By GitGuardian
GitGuardian Workspace Quick Access helps you move through the platform faster with one unified search experience. In this video, we walk through how to open Quick Access with Ctrl+K, or Cmd+K on Mac, search across platform pages and public documentation, navigate results with keyboard shortcuts, and jump directly to the section you need. Quick Access respects your permissions and workspace configuration, so results stay relevant to the pages, features, and docs available to you.
|
By GitGuardian
We are excited to announce the private beta of our advancement in fighting secret sprawl and keeping your developers safe: GitGuardian Developer Endpoint Protection.
|
By GitGuardian
This video walks you through some major highlights.
|
By GitGuardian
GitGuardian Senior Cybersecurity Researcher Gaetan Ferry’s latest research shows that AI-generated passwords are leaving fingerprints in the wild. In this interview, he explains how he used Markov chains, a century-old statistical model, to detect patterns in passwords generated by modern LLMs, attribute them to model families, and identify 28,000 likely LLM-generated passwords across public GitHub. The findings are a warning for teams adopting AI coding agents.
|
By GitGuardian
In this video, Romain Jouhannet, Product Manager at GitGuardian, talks with Dwayne McDaniel, Developer Advocate at GitGuardian, about the platform's new native support for Gerrit as a VCS source. Gerrit is widely used for enterprise code review workflows, often hosting sensitive internal repositories. You can now connect your Gerrit instance to GitGuardian to detect secrets exposed across your repositories and commit histories, with the same experience as our other VCS integrations.
|
By GitGuardian
This white paper outlines our Secrets Management Maturity Model, a model to help your organization make sense of its actual posture and how to improve it.
|
By GitGuardian
In this report from Forrester, you will learn how to get better at using Application Security Testing to heighten your developers' security senses.
|
By GitGuardian
Discover Application Security solutions to further secure the SDLC by implementing automated secrets detection in the DevOps pipeline.
|
By GitGuardian
In this document, we go beyond classical definitions of DevSecOps to express our vision of an emerging collaboration between Developers, AppSec, and Ops teams: the AppSec Shared Responsibility Model.
GitGuardian is the code security platform for the DevOps generation. With automated secrets detection and remediation, our platform enables Dev, Sec, and Ops to advance together towards the Secure Software Development Lifecycle.
Secure your software development lifecycle with enterprise-grade secrets detection. Eliminate blind spots with our automated, battle-tested detection engine:
- There’s no secret we can’t find: With hundreds of built-in secret detectors scanning thousands of git repositories, GitGuardian brings everything to light. Build custom detectors to enhance your scans for secrets unique to your organization.
- Precise, real-time detection without the hassle: High-efficiency detection proven by billions of commits. GitGuardian is fast, robust, and battle-tested — we’ve scanned over 3 billion commits pushed to public GitHub repositories since 2018.
- Remediation in hours, not days: GitGuardian unites developer and security teams with cross-functional data for in-depth investigation and remediation. Enable shift-left testing using your existing systems, teams, and processes.
Keep secrets out of your source code.