|
By Greg Bulmash
Enjoy highlights from GitGuardian's ethical hacking webinar with a friend from Snyk.
|
By Thomas Segura
Discover the inner workings of the recently implemented Cyber Resilience Act (CRA) in the EU and explore why this framework has raised concerns about jeopardizing the open-source ecosystem. Join us in our latest blog post to delve into this important topic.
|
By Guest Expert
Discover the roles and risks of honeypots and honeytokens in cybersecurity with this article. Understand how they work, the benefits they bring to your security strategy, and the precautions needed to avoid potential pitfalls.
|
By Dwayne McDaniel
Explore automation, security, and development best practices at TechBash 2023. Discover GitHub Actions, Azure Key Vault, and strategic automation insights.
|
By Guest Expert
Discover how Vermeer Corporation transformed its software development lifecycle to prioritize security. Learn about their journey from open-source tools to adopting GitGuardian for seamless, integrated secret scanning, enhancing DevSecOps with a 'Secure by Default' approach.
|
By Ziad Ghalleb
GitGuardian can now help you check if your (already) hardcoded secrets have not also leaked publicly in code, issues and gists of projects located outside your GitHub organizations.
|
By Guest Expert
Security Researcher Tom Forbes worked with the GitGuardian team to analyze all the code committed to PyPi packages and surfaced thousands of hardcoded credentials.
|
By Dwayne McDaniel
Learn how to respond to a secret leak incident effectively. Follow our step-by-step guide to understand the impact, rotate secrets safely, and prevent future leaks.
|
By Mackenzie Jackson
Sumo Logic reported a security breach on November 3, 2023, due to a compromised credential that allowed unauthorized AWS account access.
|
By Greg Bulmash
A condensed recap of our hands-on runtime security webinar from September. Get the juiciest knowledge nuggets and pointers to more.
|
By GitGuardian
Embark on an exciting journey into the realm of ethical hacking with our webinar, "Crack the Code: A Beginner's Guide to Ethical Hacking." Join Sonya Moisset of Snyk as we unveil the mysteries of cybersecurity and provide you with the tools to protect your digital assets.
|
By GitGuardian
In this video we look at how to effectively use the dotenv npm package to securely use secrets like API keys by loading them into your project as environment variables. To do this we first place our secrets in a.env file and the dotenv project will load these in as env variables.
|
By GitGuardian
Did you know that you can use ggshield to scan docker images for secrets? Many Docker images get shared through places like Dockerhub, and sometimes, images get shared unexpectedly, such as when you have a code leak. We built the `ggshield secret scan docker` command to help. With one simple command, anyone on your team can quickly detect any hardcoded credentials inside a docker image.
|
By GitGuardian
Did you know that GitGuardian can add comments directly to your GitHub pull requests and even stop a PR from succeeding if it contains any hardcoded secrets? When a new pull request is created, a new check run is performed, and GitGuardian will scan through each commit inside the PR, not just the most recent one. If someone added a secret to an early commit, but then removed it right before making the PR, you still need to know it is present in the git history so you can address it.
|
By GitGuardian
Are you building your applications on Azure? Good news, it is now easier than ever to integrate GitGuardian with Azure repos. Azure is one of the most popular cloud platforms out there. Now, GitGuardian users can integrate their Azure Repos in two different ways: at the organization level or the instance level.
|
By GitGuardian
Many teams choose to mark incidents as resolved once the secret involved has been revoked or rotated. With the GitGuardian auto-resolution playbook, you can automate the remediation process, saving you a step any time a credential becomes invalid. This works for both real-time detection and all historical incidents whenever an incident is re-checked for validity.
|
By GitGuardian
In this webinar, we are joined by Varun Sharma and Ashish Kurmi, founders of StepSecurity. StepSecurity is a pioneer in runtime security for CI/CD pipelines. Given that CI/CD is a high-privileged environment that builds release artifacts and has admin cloud credentials, there has been an increase in attacks on CI/CD pipelines. The importance of CI/CD Security has been underlined by recent guidance from the Cybersecurity & Infrastructure Security Agency (CISA) and the National Security Agency (NSA)
|
By GitGuardian
Did you know you can add custom detectors to make GitGuardian Secrets Detection even more powerful? GitGuardian already looks for over 390 different types of specific secrets - from Adobe and AWS keys to Zoom and Zendesk Tokens. That's on top of looking for over a dozen generic patterns like Bearer tokens and JSON web tokens. Now, anyone on a Business plan or higher can request to extend GitGuardian's secrets detection engine to support detectors specific to their organization.
|
By GitGuardian
We are proud to introduce Infra as Code Security in The GitGuardian Platform. GitGuardian can now automatically scan connected GitHub or GitLab repositories for IaC template files like Terraform and CloudFormation and alert you about any misconfigurations affecting your AWS, Azure, and GCP deployments, your Kubernetes clusters, and Docker containers.
|
By GitGuardian
Two of the first questions typically asked when you are experiencing a secret leak are:"Is the credential still valid?" and"Has the secret been removed from the git repo?" GitGuardian makes it simple to understand the state of your leaked secrets with our automatic validity and presence checks.
|
By GitGuardian
This white paper outlines our Secrets Management Maturity Model, a model to help your organization make sense of its actual posture and how to improve it.
|
By GitGuardian
In this report from Forrester, you will learn how to get better at using Application Security Testing to heighten your developers' security senses.
|
By GitGuardian
Discover Application Security solutions to further secure the SDLC by implementing automated secrets detection in the DevOps pipeline.
|
By GitGuardian
In this document, we go beyond classical definitions of DevSecOps to express our vision of an emerging collaboration between Developers, AppSec, and Ops teams: the AppSec Shared Responsibility Model.
- December 2023 (2)
- November 2023 (12)
- October 2023 (14)
- September 2023 (13)
- August 2023 (20)
- July 2023 (14)
- June 2023 (22)
- May 2023 (21)
- April 2023 (15)
- March 2023 (23)
- February 2023 (14)
- January 2023 (13)
- December 2022 (11)
- November 2022 (3)
- October 2022 (5)
- August 2022 (2)
- July 2022 (1)
GitGuardian is the code security platform for the DevOps generation. With automated secrets detection and remediation, our platform enables Dev, Sec, and Ops to advance together towards the Secure Software Development Lifecycle.
Secure your software development lifecycle with enterprise-grade secrets detection. Eliminate blind spots with our automated, battle-tested detection engine:
- There’s no secret we can’t find: With hundreds of built-in secret detectors scanning thousands of git repositories, GitGuardian brings everything to light. Build custom detectors to enhance your scans for secrets unique to your organization.
- Precise, real-time detection without the hassle: High-efficiency detection proven by billions of commits. GitGuardian is fast, robust, and battle-tested — we’ve scanned over 3 billion commits pushed to public GitHub repositories since 2018.
- Remediation in hours, not days: GitGuardian unites developer and security teams with cross-functional data for in-depth investigation and remediation. Enable shift-left testing using your existing systems, teams, and processes.
Keep secrets out of your source code.