Secrets Management Maturity Model
This white paper outlines our Secrets Management Maturity Model, a model to help your organization make sense of its actual posture and how to improve it.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Secrets Management
Q4 2022 Product Roundup - find and fix hardcoded secrets
Learn more about the challenges awaiting organizations of hundreds to thousands of developers deploying secrets detection and how we're addressing them with our latest feature releases.
Why DevSecOps Teams Need Secrets Management
Proper IT secrets management is essential to protecting your organization from cyberthreats, particularly in DevOps environments, where common CI/CD pipeline tools such as Jenkins, Ansible, Github Actions, and Azure DevOps use secrets to access databases, SSH servers, HTTPs services and other highly sensitive systems.
How to Handle Secrets in Python
DevOps engineers must handle secrets with care. In this series, we summarize best practices for leveraging secrets with your everyday tools.
[Webinar] How You Should Not Remediate Your Hardcoded Secrets
If you have ever run a secrets scanner against your entire codebase, it has likely raised hundreds if not thousands of findings, leaving you wondering, "Where should I start?" Unlike other vulnerabilities, hardcoded secrets represent a threat by themselves whether your code is running or not. Attackers with access to a repository will scan it inside out for secrets, turning every occurrence into a risk you cannot ignore. Still, this does not mean that you should treat all incidents equally!
Implementing Automated Secrets Detection for Application Security
Discover Application Security solutions to further secure the SDLC by implementing automated secrets detection in the DevOps pipeline.
GitGuardian Secrets Detectors 2022 Wrap-Up
The GitGuardian team is still striving to provide the broadest secrets detection engine, helping you find and fix all sorts of hardcoded secrets! Learn more about the specific and generic detectors our team has released in 2022 in this post.
Honeytokens - Protect Your Holy Grail
When protecting your SDLC, you must choose. But choose wisely. For as the True Grail will bring you life. The False Grail will take it from you.
[Webinar] Taming Secrets Sprawl with Doppler and GitGuardian
With every hardcoded secret, the software supply chain attack surface grows larger, opening more avenues for the resourceful attacker. Remember Codecov? It all started with a hardcoded secret, ultimately leading to the downstream poisoning of 20,000+ CI pipelines and the exfiltration of more secrets than attackers could ever dream of. It’s time for us, developers and security pros, to take a hard look at our hardcoded secrets – or else, we accept living with the risks and consequences of secrets sprawl.
Best practices for Kubernetes Secrets management
Kubernetes uses secret objects, called Secrets, to store OAuth tokens, secure shell (SSH) keys, passwords, and other secret data. Kubernetes Secrets allow us to keep confidential data separate from our application code by creating it separately from pods. This segregation, along with well-formed role-based access control (RBAC) configuration, reduces the chances of the Secret being exposed — and potentially exploited — when interacting with pods, thereby increasing security.