GitGuardian

Paris, France
2017
  |  By Soujanya Ain
Enhance your secrets remediation process with GitGuardian’s new features: pinpoint the locations needing code fixes and track the progress in real time. Discover how these tools can boost efficiency, enhance collaboration, and shorten remediation times.
  |  By Guardians
GitGuardian's Lead security engineer, Kayssar Daher, shares his team's successes, challenges, and results of the past year.
  |  By Guest Expert
Get started with IAM by using Terraform to create users, groups, and policies.
  |  By Guest Expert
The last mile in secrets security is securing secrets in workloads. Discover a new way to securely deliver encrypted secrets in your infrastructure with innovative open-source tools, and say goodbye to plaintext secrets.
  |  By Mackenzie Jackson
For over a decade, a massive vulnerability that could have unleashed a huge supply chain attack lay dormant. Luckily the good guys found it first or so it seems. This month we are taking a look at CVE-2024-38368.
  |  By Thomas Segura
Would you trust AI to call 911? GitGuardian's ML engineer Nicolas posed this question at PyData Berlin, sparking a discussion on integrating ML into critical systems, debunking AI myths, and balancing innovation with safety in AI deployment.
  |  By Dwayne McDaniel
Explore insights from CloudNativeSecurityCon 2024, including securing machine identities, digesting SLSA and GUAC, and the impact of quality documentation.
  |  By Guest Expert
Container security is crucial in the age of microservices and DevOps. Learn about common container vulnerabilities, container security scanning, and popular tools to secure your containers in this comprehensive guide.
  |  By GitGuardian
The company's latest breakthrough in secrets detection will relieve Security and Engineering teams from noisy scanning results.
  |  By Ferdinand Boas
GitGuardian is pushing its secrets detection engine precision to new heights. We enhanced our detection capabilities with Machine Learning to cut the number of false positives by half. Security and engineering teams will spend significantly less time reviewing and dismissing false alerts.
  |  By GitGuardian
Join us at CodeSecDays for an insightful session with Cybernews researcher Vincentas Baubonis, who will reveal how their team discovered 1,141,004 secrets across 58,364 websites. Learn how exposed environment (.env) files containing passwords, API keys, and email credentials can lead to data breaches and site takeovers. We’ll discuss common leaked secrets like database credentials and AWS keys, and their impact, and share research methodology, ethical considerations, and steps to prevent exposure.
  |  By GitGuardian
In the rapidly evolving world of software development, maintaining robust security protocols is paramount. For Vermeer Corporation, a leading manufacturer of large agricultural and industrial machinery, embedding security into their software development lifecycle was a significant challenge. That is until they discovered GitGuardian. CJ May, a senior IT Security Analyst at Vermeer Corporation, shared his experience of integrating GitGuardian into their software development process. He described the tool as "invaluable for any security program.".
  |  By GitGuardian
In the world of software development, the security of your code is paramount. This is especially true for GitOps shops like Kubefirst, where secrets, tokens, and repositories are constantly being updated and shared. John Dietz, CEO and technical co-founder of Kubefirst, shared his experiences with GitGuardian and how it has become an essential tool in their operations.
  |  By GitGuardian
AI-assisted coding tools increase your delivery speed… and unfortunately security risks as well.
  |  By GitGuardian
Open-source components forever changed how we build software, but they are also a prominent security threat, nothing illustrated this better than the recent XZ library incident where the world narrowly avoided a massive supply chain attack. Join Gene Gotimer and Mackenzie Jackson to discuss how we can keep our open-source supply chains secure as we discuss: Security implications of vulnerable open-source components How using automation can help us move toward a secure supply chain How to discover and detect vulnerable components.
  |  By GitGuardian
Speed up your remediation workflow with GitGuardian's new Advanced Jira Cloud integration: Users have already been able to manually open Jira tickets from the incident view in the dashboard. Now, you can configure GitGuardian to create a new Jira ticket to track any needed development efforts. You can also configure the Jira tickets to resolve an incident in GitGuardian when a specific status is reached. It will mark the associated incident as Resolved so you can stay focused on other work.
  |  By GitGuardian
In this video, we explore AI package Hallucination. This threat is a result of AI generation tools hallucinating open-source packages or libraries that don't exist. In this video, we explore why this happens and show a demo of ChatGPT creating multiple packages that don't exist. We also explain why this is a prominent threat and how malicious hackers could harness this new vulnerability for evil. It is the next evolution of Typo Squatting.
  |  By GitGuardian
Welcome to our concise video on ASPM – Application Security Posture Management! In this brief 1-minute video, we unravel the complexities surrounding ASPM, shedding light on its crucial role in safeguarding digital assets and data integrity. ASPM serves as a comprehensive framework for assessing, monitoring, and enhancing the security posture of applications throughout their lifecycle. From development to deployment and beyond, ASPM empowers organizations to proactively identify and mitigate security risks, vulnerabilities, and compliance gaps.
  |  By GitGuardian
Understanding our supply chain means understanding all the components that make it. But this is harder than it appears. Open-source components make up 80 - 90% of our application's source code, but we must also remember that our open-source components are also made from open-source components, it's like supply chain inception. SCA or Software Composition Analysis is a security tool that looks at your entire supply chain and outlines vulnerabilities, including transitive or downstream dependencies.
  |  By GitGuardian
In this video, we show exactly how to use AWS Secrets Manager and how to connect it with your Python application. Secrets are hard to manage and while using methods like storing them as environment variables in a.env file can be suitable, a more secure method particularly in a team is to use a secrets manager so developers can avoid ever needing to handle the plain text secret. Subscribe to the channel to get more Tech Tips on Tuesdays (and also other days)
  |  By GitGuardian
This white paper outlines our Secrets Management Maturity Model, a model to help your organization make sense of its actual posture and how to improve it.
  |  By GitGuardian
In this report from Forrester, you will learn how to get better at using Application Security Testing to heighten your developers' security senses.
  |  By GitGuardian
Discover Application Security solutions to further secure the SDLC by implementing automated secrets detection in the DevOps pipeline.
  |  By GitGuardian
In this document, we go beyond classical definitions of DevSecOps to express our vision of an emerging collaboration between Developers, AppSec, and Ops teams: the AppSec Shared Responsibility Model.

GitGuardian is the code security platform for the DevOps generation. With automated secrets detection and remediation, our platform enables Dev, Sec, and Ops to advance together towards the Secure Software Development Lifecycle.

Secure your software development lifecycle with enterprise-grade secrets detection. Eliminate blind spots with our automated, battle-tested detection engine:

  • There’s no secret we can’t find: With hundreds of built-in secret detectors scanning thousands of git repositories, GitGuardian brings everything to light. Build custom detectors to enhance your scans for secrets unique to your organization.
  • Precise, real-time detection without the hassle: High-efficiency detection proven by billions of commits. GitGuardian is fast, robust, and battle-tested — we’ve scanned over 3 billion commits pushed to public GitHub repositories since 2018.
  • Remediation in hours, not days: GitGuardian unites developer and security teams with cross-functional data for in-depth investigation and remediation. Enable shift-left testing using your existing systems, teams, and processes.

Keep secrets out of your source code.