Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Secrets Management

TruffleHog vs. Gitleaks: A Detailed Comparison of Secret Scanning Tools

TruffleHog and Gitleaks are popular secrets scanning tools that can automatically surface hardcoded secrets such as API keys, passwords, and tokens. They can both be integrated into the Software Development Lifecycle (SDLC) to proactively scan repositories to identify and rectify potential issues before they can be exploited. The need for effective secret detection tools underscores a broader shift toward more secure software development practices.

Lessons Learned About Secrets Protection After the Sisense Breach

Sisense is a popular monitoring tool that enables users to monitor business metrics from multiple third-party sources in a single dashboard. On April 10, the company informed customers that the sensitive information they entrusted with Sisense may have been compromised and urged them to reset their password and rotate their secrets. According to KrebsOnSecurity, the attackers were allegedly able to access GitLab repositories hosted by Sisense, where hard-coded secrets may have been found.

A guide to developer secrets and shadow IT for security teams

This is the final post in a series about shadow IT. In this series, we’ve detailed how and why teams use unapproved apps and devices, and cybersecurity approaches for securely managing it. For a complete overview of the topics discussed in this series, download Managing the unmanageable: How shadow IT exists across every team – and how to wrangle it.

Manage secrets with AWS Secrets Manager with Python - Tech Tip Tuesday

In this video, we show exactly how to use AWS Secrets Manager and how to connect it with your Python application. Secrets are hard to manage and while using methods like storing them as environment variables in a.env file can be suitable, a more secure method particularly in a team is to use a secrets manager so developers can avoid ever needing to handle the plain text secret. Subscribe to the channel to get more Tech Tips on Tuesdays (and also other days)

Detect secrets in Slack channels with GitGUardian

Good news! GitGuardian can now help you find and remediate secrets exposed in Slack channels. You already know us for accurately detecting secrets in your code base. And now, we have extended the real-time detection capability to cover the world's most popular communications platform. Add Slack to your GitGuardian monitored perimeter, and help keep secrets sprawl out of your team communications channels!