|
By Thomas Segura
Business intelligence company Sisense has seen secrets compromised in its GitLab repositories, leading to a siphoning of its customers' sensitive data.
|
By Greg Bulmash
SBOMs are security analysis artifacts becoming required by more companies due to internal policies and government regulation. If you sell or buy software, you should know the what, why, and how of the SBOM.
|
By Dwayne McDaniel
Leverage our newest quiz to discover the most appropriate approach to managing secrets safely based on where your organization is today and how it will grow in the future.
|
By Dwayne McDaniel
Explore ATLSECCON 2024: a journey through mindfulness, risk management, Active Directory security, understanding containers, and more in the far North of Halifax.
|
By Eric Fourrier
My perspective on how GitGuardian approaches the cybersecurity market with a focus on the long game.
|
By Thomas Segura
The open-source world narrowly escaped a sophisticated supply-chain attack that could have compromised countless systems. A stark reminder of the necessity of vigilant monitoring and rigorous vetting within the open-source ecosystem to maintain trust and security.
|
By Dwayne McDaniel
Dive into our recap of AltCloudCon, a community-led, developer-focused event offering practical insights for responsibly harnessing AI and securing cloud infrastructure.
|
By Greg Bulmash
Cybersecurity agencies from five different national governments put out a plea in December for developers to use memory-safe programming languages. Are you ready?
|
By Guest Expert
In this new series, CJ May shares his expertise in implementing secure-by-design software processes that empower engineering teams. The first stage of his DevSecOps program: vulnerability management.
|
By GitGuardian
Enabling organizations to enhance their security posture by fighting vulnerabilities in code dependencies throughout the entire software development lifecycle.
|
By GitGuardian
In this video, we explore AI package Hallucination. This threat is a result of AI generation tools hallucinating open-source packages or libraries that don't exist. In this video, we explore why this happens and show a demo of ChatGPT creating multiple packages that don't exist. We also explain why this is a prominent threat and how malicious hackers could harness this new vulnerability for evil. It is the next evolution of Typo Squatting.
|
By GitGuardian
Welcome to our concise video on ASPM – Application Security Posture Management! In this brief 1-minute video, we unravel the complexities surrounding ASPM, shedding light on its crucial role in safeguarding digital assets and data integrity. ASPM serves as a comprehensive framework for assessing, monitoring, and enhancing the security posture of applications throughout their lifecycle. From development to deployment and beyond, ASPM empowers organizations to proactively identify and mitigate security risks, vulnerabilities, and compliance gaps.
|
By GitGuardian
Understanding our supply chain means understanding all the components that make it. But this is harder than it appears. Open-source components make up 80 - 90% of our application's source code, but we must also remember that our open-source components are also made from open-source components, it's like supply chain inception. SCA or Software Composition Analysis is a security tool that looks at your entire supply chain and outlines vulnerabilities, including transitive or downstream dependencies.
|
By GitGuardian
In this video, we show exactly how to use AWS Secrets Manager and how to connect it with your Python application. Secrets are hard to manage and while using methods like storing them as environment variables in a.env file can be suitable, a more secure method particularly in a team is to use a secrets manager so developers can avoid ever needing to handle the plain text secret. Subscribe to the channel to get more Tech Tips on Tuesdays (and also other days)
|
By GitGuardian
Good news! GitGuardian can now help you find and remediate secrets exposed in Slack channels. You already know us for accurately detecting secrets in your code base. And now, we have extended the real-time detection capability to cover the world's most popular communications platform. Add Slack to your GitGuardian monitored perimeter, and help keep secrets sprawl out of your team communications channels!
|
By GitGuardian
In this video we provide a breakdown of the nation-state attack on Microsoft by Russian backed hacking group Midnight Blizzard ( also known as NOBELIUM) that happened between November 2023 and March 2024.
|
By GitGuardian
If you are using Jira Cloud for issue-tracking and project management, we have some great news! GitGuardian can now help you find and remediate any plaintext secrets found inside your Jira Cloud instance, You can now rely on GitGuardian's real-time secrets detection to find credentials - shared in Jira ticket descriptions, comments, or even titles. Integrating Jira Cloud with GitGuardian is simple, but does requires a Business or Enterprise plan.
|
By GitGuardian
Explore the industry-first solution designed to empower security and development teams in securing secrets across multi-cloud, DevOps, and containerized environments. Discover innovative use cases, from detecting public GitHub leaks to enforcing secret management policies. Don't miss this opportunity to delve into the future of secrets security with our very own Mackenzie Jackson from GitGuardian and special guests Evan Litwak and David Hisel from CyberArk. Save your spot now for an engaging conversation redefining your approach to secret protection in software development.
|
By GitGuardian
With GitGuardian Honeytoken Deployment Jobs, you can quickly add honeytokens to any private repo with just a few clicks. In this new automated process, GitGuardian will check the type of code in the repo and, based on the context, generate a new file populated with a unique honeytoken. It will then create a new merge request ready for your team's review so you can add in a honeytoken with very little effort.
|
By GitGuardian
Secrets like API keys, Certificates, and credential pairs are used throughout modern software development. However, these pose a significant risk as attackers are always after them to gain unauthorized access to our system. This video explains in 60 seconds why hardcoding secrets or insecurely storing them is a security issue. The video also addresses some tools to use to manage your secrets or to scan your sourcecode for secrets,
|
By GitGuardian
This white paper outlines our Secrets Management Maturity Model, a model to help your organization make sense of its actual posture and how to improve it.
|
By GitGuardian
In this report from Forrester, you will learn how to get better at using Application Security Testing to heighten your developers' security senses.
|
By GitGuardian
Discover Application Security solutions to further secure the SDLC by implementing automated secrets detection in the DevOps pipeline.
|
By GitGuardian
In this document, we go beyond classical definitions of DevSecOps to express our vision of an emerging collaboration between Developers, AppSec, and Ops teams: the AppSec Shared Responsibility Model.
- April 2024 (9)
- March 2024 (22)
- February 2024 (18)
- January 2024 (18)
- December 2023 (20)
- November 2023 (12)
- October 2023 (14)
- September 2023 (13)
- August 2023 (20)
- July 2023 (14)
- June 2023 (22)
- May 2023 (21)
- April 2023 (15)
- March 2023 (23)
- February 2023 (14)
- January 2023 (13)
- December 2022 (11)
- November 2022 (3)
- October 2022 (5)
- August 2022 (2)
- July 2022 (1)
GitGuardian is the code security platform for the DevOps generation. With automated secrets detection and remediation, our platform enables Dev, Sec, and Ops to advance together towards the Secure Software Development Lifecycle.
Secure your software development lifecycle with enterprise-grade secrets detection. Eliminate blind spots with our automated, battle-tested detection engine:
- There’s no secret we can’t find: With hundreds of built-in secret detectors scanning thousands of git repositories, GitGuardian brings everything to light. Build custom detectors to enhance your scans for secrets unique to your organization.
- Precise, real-time detection without the hassle: High-efficiency detection proven by billions of commits. GitGuardian is fast, robust, and battle-tested — we’ve scanned over 3 billion commits pushed to public GitHub repositories since 2018.
- Remediation in hours, not days: GitGuardian unites developer and security teams with cross-functional data for in-depth investigation and remediation. Enable shift-left testing using your existing systems, teams, and processes.
Keep secrets out of your source code.