|
By Dwayne McDaniel
This year's report shows how credential sprawl across DevOps, SaaS, CI/CD, the cloud, and developer laptops turns initial access into operational impact.
|
By Dwayne McDaniel
In an AI-assisted development era, the third edition of BSides312 showed why trust, identity, access, evidence, and community remain core to security work.
|
By Gaetan Ferry
Code from GitHub and Grafana is in criminal hands. Secrets buried inside could open doors no one is thinking of protecting yet, and AI will make hunting 0-days in that private code faster than ever.
|
By Guillaume Valadon
A single leaked Kubernetes credential rarely stays in the cluster. It opens the registry credentials, private Docker images, and private GitHub repositories behind it. In Q1 2026 alone, our detectors caught close to 2,000 new such leaks on GitHub, 28% valid at leak time.
|
By Guillaume Valadon
On May 14, GitGuardian found a public GitHub repository called "Private-CISA" — 844 MB of plain-text passwords, AWS tokens, and Entra ID SAML certificates belonging to CISA, exposed since November 2025. Some credentials were still valid. CISA pulled it offline within 26 hours.
|
By Dwayne McDaniel
Security leaders at this SF area Summit examined AI agent risk, dependency governance, stale infrastructure, and the future of secure software.
|
By Thomas Segura
Using Cursor, GitHub Copilot, Claude Code, Codex, or another coding agent means giving software access to more than your code. It can also see the credentials available in your workspace, shell, config files, and development environment.
|
By Soujanya Ain
GitGuardian's NHI Governance now adds privilege context to leaked secrets, auto-escalating admin-level risks for smarter prioritization across AWS, Entra, and Okta. Discover how admin badges and overprivilege detection cut through noise to focus on true blast radius.
|
By Dwayne McDaniel
GCSI 2026 showed why cyber readiness depends on visibility into vendors, AI tools, identities, workflows, and hidden business dependencies.
|
By Dwayne McDaniel
Modern developer environments expose sensitive context across files, prompts, logs, and commands. Learn how layered local controls reduce secrets risk.
|
By GitGuardian
ggshield 1.51 is here with better support for AI-powered development and browser-less environments. This release adds Codex hook support, MCP server detection across Claude and Cursor, and `ggshield auth login --method oob` for SSH sessions and headless servers. It also strengthens trust in the ggshield supply chain with GitHub Artifact Attestations for release binaries, improves plugin management through your authenticated GitGuardian instance, adds a `vscode` alias for Copilot hook installation, and shows workspace ID in `ggshield api-status`.
|
By GitGuardian
AI coding assistants like Claude Code and Cursor are helping developers write more code faster, but that also means more chances for secrets to slip into prompts, files, commits, and tool outputs. GitGuardian’s new open-source **agent-skills** repository teaches AI agents how to use **ggshield** directly inside the developer workflow: when to scan, how to read findings, and how to guide remediation for leaked credentials.
|
By GitGuardian
"Malware is created by criminals. They are intending to cause harm. It is not hypothetical. They want you to consume it for nefarious purposes."
|
By GitGuardian
In this interview, GitGuardian security researcher Guillaume Valadon breaks down how GitGuardian discovered a public GitHub repository exposing CISA-related secrets, including plain-text passwords, AWS tokens, SAML certificates, CI/CD files, Kubernetes manifests, and internal operational documentation. We discuss how the leak was identified, why exposed secrets can create immediate risk, and how GitGuardian helped escalate the disclosure until the repository was taken offline within 26 hours.
|
By GitGuardian
Read the full report here: https://www.gitguardian.com/state-of-secrets-sprawl-report-2026
|
By GitGuardian
While not a new feature, the GitGuardian team has been hard at work making updates to our TokenScanner, the underlying engine that powers GitGuardian's secret scanning ability. This is great news for folks dealing with very large repos and legacy platforms that thousands of developers have touched over the years. Scanning millions of files, attachments, commits, and anywhere else secrets might be hiding takes minutes. Historical scans across petabytes of information, which used to take days, now take less than an hour. What used to take hours takes a few short minutes.
|
By GitGuardian
Read the full report here (no email sign up required).
|
By GitGuardian
This white paper outlines our Secrets Management Maturity Model, a model to help your organization make sense of its actual posture and how to improve it.
|
By GitGuardian
In this report from Forrester, you will learn how to get better at using Application Security Testing to heighten your developers' security senses.
|
By GitGuardian
Discover Application Security solutions to further secure the SDLC by implementing automated secrets detection in the DevOps pipeline.
|
By GitGuardian
In this document, we go beyond classical definitions of DevSecOps to express our vision of an emerging collaboration between Developers, AppSec, and Ops teams: the AppSec Shared Responsibility Model.
GitGuardian is the code security platform for the DevOps generation. With automated secrets detection and remediation, our platform enables Dev, Sec, and Ops to advance together towards the Secure Software Development Lifecycle.
Secure your software development lifecycle with enterprise-grade secrets detection. Eliminate blind spots with our automated, battle-tested detection engine:
- There’s no secret we can’t find: With hundreds of built-in secret detectors scanning thousands of git repositories, GitGuardian brings everything to light. Build custom detectors to enhance your scans for secrets unique to your organization.
- Precise, real-time detection without the hassle: High-efficiency detection proven by billions of commits. GitGuardian is fast, robust, and battle-tested — we’ve scanned over 3 billion commits pushed to public GitHub repositories since 2018.
- Remediation in hours, not days: GitGuardian unites developer and security teams with cross-functional data for in-depth investigation and remediation. Enable shift-left testing using your existing systems, teams, and processes.
Keep secrets out of your source code.