Git

The Runtime Secrets' Security Gap

Jul 4, 2024 By Guest Expert In GitGuardian

The last mile in secrets security is securing secrets in workloads. Discover a new way to securely deliver encrypted secrets in your infrastructure with innovative open-source tools, and say goodbye to plaintext secrets.

Read Post

GitGuardian

Read more about The Runtime Secrets' Security Gap

CVE of the month, the supply chain vulnerability hidden for 10 years CVE-2024-38368

Jul 3, 2024 By Mackenzie Jackson In GitGuardian

For over a decade, a massive vulnerability that could have unleashed a huge supply chain attack lay dormant. Luckily the good guys found it first or so it seems. This month we are taking a look at CVE-2024-38368.

Read Post

GitGuardian

Read more about CVE of the month, the supply chain vulnerability hidden for 10 years CVE-2024-38368

New Critical GitLab Vulnerability Threatens Software Development Security

Jul 2, 2024 By Foresiet In Foresiet

A critical vulnerability in GitLab, a widely-used Git repository platform, has been discovered, threatening the integrity of software development pipelines. GitLab has urged users running vulnerable versions to patch CVE-2024-5655 immediately to prevent potential CI/CD malfeasance. GitLab's Latest Security Patch GitLab, second only to GitHub in popularity, recently released updates for its Community (open source) and Enterprise Editions.

Read Post

Foresiet

Read more about New Critical GitLab Vulnerability Threatens Software Development Security

Secrets in Plain Sight: Unveiling over 1 million secrets on public websites

Jul 2, 2024 By GitGuardian In GitGuardian

Join us at CodeSecDays for an insightful session with Cybernews researcher Vincentas Baubonis, who will reveal how their team discovered 1,141,004 secrets across 58,364 websites. Learn how exposed environment (.env) files containing passwords, API keys, and email credentials can lead to data breaches and site takeovers. We’ll discuss common leaked secrets like database credentials and AWS keys, and their impact, and share research methodology, ethical considerations, and steps to prevent exposure.

View Video

GitGuardian

Read more about Secrets in Plain Sight: Unveiling over 1 million secrets on public websites

CVE-2024-5655: Latest GitLab API Vulnerability Threatens Customer Data Exposure

Jul 1, 2024 By Wallarm In Wallarm

A security flaw that impacts specific versions of GitLab's Community and Enterprise Edition products was just detected. This vulnerability can be exploited to execute pipelines under any user's credentials. GitLab is a web-based DevOps platform offering tools for software development, version control, and project management. Launched as an open-source project in 2011, it has become a powerful solution used globally by millions.

Read Post

Wallarm

Read more about CVE-2024-5655: Latest GitLab API Vulnerability Threatens Customer Data Exposure

Balancing AI Performance and Safety: Lessons from PyData Berlin

Jul 1, 2024 By Thomas Segura In GitGuardian

Would you trust AI to call 911? GitGuardian's ML engineer Nicolas posed this question at PyData Berlin, sparking a discussion on integrating ML into critical systems, debunking AI myths, and balancing innovation with safety in AI deployment.

Read Post

GitGuardian

Read more about Balancing AI Performance and Safety: Lessons from PyData Berlin

Elevating Cloud Security: Highlights from CloudNativeSecurityCon 2024

Jun 28, 2024 By Dwayne McDaniel In GitGuardian

Explore insights from CloudNativeSecurityCon 2024, including securing machine identities, digesting SLSA and GUAC, and the impact of quality documentation.

Read Post

GitGuardian

Read more about Elevating Cloud Security: Highlights from CloudNativeSecurityCon 2024

Container Security Scanning: Vulnerabilities, Risks and Tooling

Jun 27, 2024 By Guest Expert In GitGuardian

Container security is crucial in the age of microservices and DevOps. Learn about common container vulnerabilities, container security scanning, and popular tools to secure your containers in this comprehensive guide.

Read Post

GitGuardian

Read more about Container Security Scanning: Vulnerabilities, Risks and Tooling

How to augment DevSecOps with AI?

Jun 27, 2024 By GitGuardian In GitGuardian

Join us for a roundtable on GenAI's dual role in cybersecurity. Experts from GitGuardian, Snyk, Docker, and Protiviti, with Redmonk, discuss threat mitigation versus internal tool adoption, securing coding assistants, leveraging LLMs in supply chain security, and more. Gain valuable insights on harnessing GenAI to enhance your DevSecOps practices.

View Video