Twitter's leak illustrates why source code should never be sensitive
Twitter's source code was recently leaked publically on a GitHub repository. This blog post looks at exactly what happened and what security consequences could stem from this leak.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
March 2023
Review your hardcoded secrets incidents in Kondukto's AppSec orchestration platform
Kondukto and GitGuardian have teamed up to provide an integration that brings together their knowledge in AppSec orchestration and automated secrets detection.
GitGuardian Teams - Role-base Access Management
At GitGuardian, we work with customers of all sizes, some with many dozens of AppSec team members supporting tens of thousands of developers. The larger and more sophisticated the organization, the more they rely on Role-based Access Management to best administer user permissions. On the GitGuarian platform, we call this feature Teams. Sign up for a free trial of the business plan today to see how Teams can improve your remediation workflow.
GitGuardian Playbooks - Auto-Granting Access To Incidents
At GitGuardian, we know that time can be a critical factor when any incident involving secrets occurs. That's why our platform allows you to quickly and easily automate parts of your incident response. We call these automations "Playbooks". Our Auto-access granting playbook grants the right access to the right developers so they can work on the issue as soon as possible.
Remediating Incidents With The GitGuardian API [cheat sheet included]
The GitGuardian API lets you remediate your secret incidents from any platform you prefer. We are proud to release a new demo application to help you learn how to automate your workflows.
GitGuardian vs. Custom-Built Secrets Detection Tools
DIY or open-source secrets detection can seem cost-effective and customizable initially... until you start hitting the first obstacles like scalability, developer experience (DX), or deep application security expertise. Read on to find out how GitGuardian can help you rise above these!
GitHub Exposed A Private SSH Key: What You Need To Know
Everyone has secrets leakage incidents from time to time, even massive players like GitHub. This is a good reminder we all need to stay vigilant and embrace the right tools to help us stay safe.
The State of Secrets Sprawl 2023
In 2022, we scanned a staggering 1.027 billion GitHub commits! How many secrets do you think we found? For the 3rd year in a row, I am excited to share with you the findings of The State of Secrets Sprawl! This report from my team at GitGuardian is the most extensive analysis of secrets exposed in GitHub and beyond!
GitGuardian incident auto severity scoring
Manual severity assignment requires a case-by-case examination of your open incidents and can be time-consuming for your teams. GitGuardian's severity scoring feature automates this approach, where and when applicable, to the incidents in your workspace so that you can save time on their triaging and prioritization. Automated severity scoring comes in handy after running a historical scan on your perimeter that surfaces hundreds or thousands of incidents. It can help you focus your remediation efforts on the most critical incidents first!
How to Handle AWS Secrets
In this blog post, we'll cover some best practices for managing AWS secrets when using the AWS SDK in Python.
How to Handle Secrets in Jenkins
DevOps engineers must handle secrets with care. In this series, we summarize best practices for leveraging secrets with your everyday tools.
Cybersecurity Learning Across Sectors - How ICCWS Brings Academics, Government, And Private Companies Together
The 18th International Conference on Cyber Warfare and Security gave researchers, policymakers, and security professionals a chance to share findings and ideas. Read the highlights.
Store & manage secrets like API keys in Python - Tech Tip Tuesdays
In this video, we explore how to securely manage secrets like API keys, passwords, credential pairs, and other sensitive information in python. We run through the basics of using environment variables and move onto more advanced senarios such as managing different secrets for multiple environments.
The history of Ranswomware - The first ransomware attack in the world
Ransomware is not new, it has been around for more than 30 years but it has changed a lot over the years. This is a snippet from a full webinar on Ransomware with Grzegorz Bak that dives into the most alarming statistics of ransomware and how we can protect ourselves against it. This presentation is thanks to GitProtect which helps make sure your code assets are securely backed up easily.
How Lemontech Protects its Secrets with GitGuardian
A few weeks ago, we had the pleasure of exchanging with Ezequiel Rabinovich, Lemontech's CTO, about how his teams use GitGuardian to protect their secrets.
Understanding Kubernetes Architecture and Components
This is a brief overview of the components that make up the architecture behind a Kubernetes cluster with an explanation of what each one does. This is part of a longer webinar with guest expert Tiexin Guo that explains best security practices to harden your Kubernetes clusters.
Webinar - Secure your IaC, infastrucutre as code best practices for security
The cloud revolution has taken the world, and programming languages, by storm! In 2022, HCL, the HashiCorp Configuration Language, driven by the popularity of Terraform and Infrastructure-as-Code practices, became the #1 fastest-growing language on GitHub! Who would’ve expected that ten years ago?!
Android apps in the PlayStore are leaking their credentials and secrets
How many android applications on the play store are leaking their credentials and secrets! The answer comes from independent research conducted by Cybernews which shows nearly half of all applications on the Play Store are leaking secrets. Vincentas Baubonis, a security researcher from CyberNews joined GitGuardian on a Webinar to detail some research they conducted exploring how android applications are leaking secrets.
The State of Secrets Sprawl 2023
The report reveals an unprecedented number of hard-coded secrets in new GitHub commits over the year 2022. And much more.
GitGuardian Code Security Platform Now Available on AWS Marketplace
With GitGuardian available on AWS Marketplace, we’re making it easier for all organizations using AWS to protect their software supply chain from exposed secrets and credentials.
Configuring Real-time Alerts with GitGuardian
GitGuardian’s real-time monitoring allows alerts to be sent immediately when an incident is detected. This high-level overview walks you through setting up, configuring, and testing alert integrations.
GitHub Restore and Disaster Recovery - Better Get Ready
Protect your business, bounce back from disasters: learn the best practices for a reliable GitHub Restore and Disaster Recovery strategy that ensures business continuity.
Using ggshield Throughout The Software Development Lifecycle - A Developer's View of GitGuardian
Take a tour of how developers commonly use ggshield, the free and open source GitGuardian CLI to find hardcoded secrets. We will also see how developers participate in the remediation process. In this video demo, see: Learn more at docs.gitguardian.com