Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Git

Identities Do Not Exist in a Vacuum: A View on Understanding Non-Human Identities Governance

The future of eliminating secrets sprawl means getting a handle on the lifecycles and interdependencies of the non-human identities that rely on secrets. Learn how to implement these NHI security measures at scale.

Integrating GitGuardian Incidents With ServiceNow Issues

If you are using ServiceNow for centralized incident management and SecOps, We have some good news. You can now configure ServiceNow issues to synchronize with GitGuardian incidents. Once configured, you will be able to send incident data from GitGuardian and map it to ServiceNow issues triggering your preferred workflows. And, if properly configured, you can update GitGuardian incidents directly from ServiceNow Issues.

Top 15 GitHub Data Risks: Data Loss Scenarios and How to Prevent Them

While GitHub offers robust features, preventing data loss risks requires proactive measures. It’s vital as businesses increasingly rely on GitHub for source code management, safeguarding repositories against data loss, breaches, and operational disruptions. This overview explores the 15 most common data risks and provides actionable strategies for securing repositories and maintaining seamless development workflows.

Introducing The GitGuardian Secret Analyzer

Introducing The GitGuardian Secret Analyzer GitGuardian has always helped you find your leaked secrets, but now GitGuardian can also quickly reveal the permissions of your secrets. One of the first questions any security team needs to ask itself when a secret is leaked is "What exactly could an attacker do with it?" Does it grant read-only access or does it have permissions to write or delete data? At the same time, understanding the correct scope needed for replacing a credential can take a long time, as all too often, the permissions originally granted are poorly documented, if at all.

Introducing GitGuardian's New Auto-ignore False Positive Playbook

We are proud to announce our new Auto-ignore false positive playbook. We've added this new automated Playbook to the GitGuardian Secret Detection platform to eliminate false positives from your incident queue and help you focus on actionable alerts. In the summer of 2024, we released FP remover, our internal machine learning model, that can significantly reduce false positives by understanding code context and semantics. In our testing it eliminates up to 80% of false positives.

Introducing The New GitGuardian Workspace Sidebar Navigation

We're updating your GitGuardian Workspace user interface, introducing a new sideba experience to make it even easier to navigate and take advantage of our secrets detection platform. We look forward to you using the updated GitGuardian UI to help eliminate secrets sprawl in your organization.

The Ultralytics Supply Chain Attack: Connecting the Dots with GitGuardian's Public Monitoring Data

On December 4, 2024, the Ultralytics Python module was backdoored to deploy a cryptominer. Using GitGuardian’s data, we reconstructed deleted commits, connecting the dots with the initial analysis. This investigation highlights the value of GitGuardian’s data in understanding supply chain attacks.