May 31, 2023 | By Dwayne McDaniel
The PHP community came together in Chicago for php 2023, sharing best practices and the latest updates from the language and frameworks that run over 77% of the internet.
May 29, 2023 | By Guest Expert
Protect your code and secure your repositories with honeytokens. Learn how to create and add these digital traps to your SCM repositories and how GitGuardian helps you stay alert to potential threats. Read on for best practices and tips to make the most out of honeytokens.
May 26, 2023 | By Thomas Segura
With a large number of developers, it’s highly likely that your company’s secrets are publicly exposed without your knowledge. Request your audit today and take control of your GitHub security perimeter.
May 24, 2023 | By Mackenzie Jackson
Following a breach by the Lapsus$ cyber gang, Jason Haddix, then CISO of UbiSoft, called over 40 other CISOs to discuss strategies on how to be more resilient to attacks. Those conversations led him to create a 4-step guide to building a comprehensive secrets management program.
May 22, 2023 | By Guest Expert
Is DevOps really dead? Learn about the rise of platform engineering and how it differs from DevOps in terms of self-service capabilities and automation. Discover how security fits into this new paradigm and the benefits of platform engineering for software development teams of various sizes.
May 19, 2023 | By Dwayne McDaniel
The CD Foundation and OpenGitOps communities joined forces in Vancouver to create cdCon + GitOpsCon for a conference about the future of DevOps tools and best practices.
May 17, 2023 | By Ziad Ghalleb
The new partnership enables Snyk and GitGuardian to build, integrate and go to market together to help development and security teams scale their security programs and significantly reduce their applications' attack surface at every stage of the code-to-cloud lifecycle.
May 12, 2023 | By Guest Expert
DevOps engineers must handle secrets with care. In this series, we summarize best practices for leveraging secrets with your everyday tools.
May 9, 2023 | By Thomas Segura
Our latest report gathered answers from 507 IT and security decision-makers to study awareness about the risks posed by secrets sprawl and operational maturity in large enterprises.
May 8, 2023 | By Dwayne McDaniel
GitGuardian was part of AppSec Sandbox at RSA, put on by AppSec Village. Learn about our blue team exercise that used honeytokens to find and boot an attacker.
May 29, 2023 | By GitGuardian
Secrets sprawl is showing no signs of a slowdown. Last month, we revealed 1 in 10 code authors exposed a secret on GitHub in 2022, collectively leaking 10 million secrets (you read that right, T-E-N) on the platform. This time, we're stepping beyond the data. We went on a (virtual) field trip and asked 500+ CISOs and engineering leaders how they currently deal with hardcoded secrets, how they intend to solve their organization's secrets management puzzle, their top priorities and investment areas in AppSec and Dev tooling, and many other questions!
May 26, 2023 | By GitGuardian
Jason Haddix is the CISO of BuddoBot and former CISO/Head of Security at UbiSoft. In this clip Jason explores why a comprehensive secrets management program is absolutely vital for organizations. He walks us through the 4-step secrets management plan he has rolled out to Detect, Prevent, Respond and Educate. Today Jason combines his cyber leadership skills with his penetration testing background as the CISO of BuddoBot, a world-class red-team-as-a-service organization designed to emulate and prepare your organization for real-world attacks.
May 22, 2023 | By GitGuardian
In this short we look at the three components that make up Docker: the Dockerfile, the Docker image and the Docker container.
May 15, 2023 | By GitGuardian
The CEO of Socket shares his thoughts on why the supply chain is the biggest risk for 2023 and how we can secure it. This interview was part of an entire episode of The Security Repo podcast dedicated to insights from the 2023 RSA conference.
May 10, 2023 | By GitGuardian
Git hooks are a great way of automating tasks and checking information while using git. These hooks are both powerful and surprisingly easy to create yourself. In this video tutorial we run through how git hooks work and create both local and global git hooks which can call an API, use grep to find keys and call a local package.
May 8, 2023 | By GitGuardian
Hacker Adriel Desautels explains why honeypots are such an effective tool to use against malicious threat actors. Adriel is a legendary personality in the security and hacking communities; today, as the founder and CEO of Netragard, he and his team conduct real-world penetration tests on organizations of all sizes. This clip is part of an episode of The Security Repo Podcast where white hat hackers Noah Tongate and Adriel Desautels give real-world advice on how to protect yourself against 'people like them'.
May 5, 2023 | By GitGuardian
OpenAI has confirmed a data breach involving a vulnerability in an open-source dependency, Redis. This allowed threat actors to see history from other active users. But this leads to the bigger question: how can we secure ChatGPT? In this video I explain, using some interesting data, my position that ChatGPT should be part of all organizations' threat landscape and that banning ChatGPT won't help the situation.
May 3, 2023 | By GitGuardian
You may have noticed the .git directory sitting in your repo but not understood exactly what it is. These folders can contain lots of sensitive information, so it's important to know what they do!
Apr 27, 2023 | By GitGuardian
What is the biggest security threat for 2023 and how can we combat it? This is the million-dollar question in security. GitGuardian developer advocate Mackenzie Jackson had the opportunity to ask Joseph Carson from Delinea what he expected to come from 2023.
Apr 26, 2023 | By GitGuardian
GitGuardian Honeytoken has got you covered. You can deploy honeytokens at scale, monitor for unauthorized use, and detect intrusions in your supply chain before they can cause any damage to your assets. Honeytokens are unique, decoy credentials that can be placed across your software delivery pipeline, giving you the ability to track unauthorized access attempts in real time. They allow you to monitor when, where, and how attackers are trying to access your assets. This way, you can take proactive measures to prevent attacks before they happen.
Feb 1, 2023 | By GitGuardian
This white paper outlines our Secrets Management Maturity Model, a model to help your organization make sense of its actual posture and how to improve it.
Feb 1, 2023 | By GitGuardian
In this report from Forrester, you will learn how to get better at using Application Security Testing to heighten your developers' security senses.
Jan 1, 2023 | By GitGuardian
Discover Application Security solutions to further secure the SDLC by implementing automated secrets detection in the DevOps pipeline.
Jan 1, 2023 | By GitGuardian
In this document, we go beyond classical definitions of DevSecOps to express our vision of an emerging collaboration between Developers, AppSec, and Ops teams: the AppSec Shared Responsibility Model.
GitGuardian is the code security platform for the DevOps generation. With automated secrets detection and remediation, our platform enables Dev, Sec, and Ops to advance together towards the Secure Software Development Lifecycle.
Secure your software development lifecycle with enterprise-grade secrets detection. Eliminate blind spots with our automated, battle-tested detection engine:
- There’s no secret we can’t find: With hundreds of built-in secret detectors scanning thousands of git repositories, GitGuardian brings everything to light. Build custom detectors to enhance your scans for secrets unique to your organization.
- Precise, real-time detection without the hassle: High-efficiency detection proven by billions of commits. GitGuardian is fast, robust, and battle-tested — we’ve scanned over 3 billion commits pushed to public GitHub repositories since 2018.
- Remediation in hours, not days: GitGuardian unites developer and security teams with cross-functional data for in-depth investigation and remediation. Enable shift-left testing using your existing systems, teams, and processes.
Keep secrets out of your source code.