Always Be Updating
DevSecOps Engineer Gene Gotimer explains why constant software dependency updates are crucial for security in DevSecOps practices.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
July 2024
Agile2024: Making Sure Security Is Part Of Our Processes
What does Agile have to do with improving security? A lot! Explore highlights from Agile2024, including technical health, productive meetings, and addressing shadow IT.
Making Sense of Open-Source Vulnerability Databases: NVD, OSV, and more
Essential reading for developers and security professionals alike: a comprehensive comparison of vulnerability databases to help you cut through the noise.
Delivering Security on Your Terms: An Intro to Self-Hosted
Join us for a comprehensive webinar on self-hosted solutions, featuring industry experts Romain Jouhannet from GitGuardian, Adrian Mouat from Chainguard and Chuck D'Antonio from Replicated.
Securing Containers with Seccomp
In this article we present a novel way to protect your container applications post-exploitation. This additional protection is called Seccomp-BPF.
Better Security and Performance For Free? Why PostgreSQL is Amazing
Upgrade your PostgreSQL instance to the newest version with confidence! In this benchmarking blog post, we show you the performance improvements you can expect when upgrading from PostgreSQL 13 to 16.
H1 SCA Roundup - Defending Users Against Constantly Evolving Cyber Threats
Learn more about GitGuardian SCA commitment and fast adaptation strategies to safeguard the software supply chain of its users.
CodeSecDays 2024: A Deep Dive in Software Supply Chain Security
Explore key insights from CodeSecDays 2024 on software supply chain security. Learn about AI in DevSecOps, SLSA frameworks, developer-security collaboration, and secrets management. Discover strategies for a more secure digital future.
Find And Remediate Secrets In Confluence Cloud With GitGuardian
Good news! GitGuardian can now help you find and remediate secrets exposed in Confluence Cloud. We have helped thousands of teams remediate plaintext secrets in their codebases and tools like Jira and Slack. Now, we have extended the real-time detection capability of our platform to cover this popular wiki, collaboration, and knowledge-sharing platform. Once integrated, GitGuardian will alert you about plaintext credentials is accidentally posted to Confluence Cloud spaces, pages, blogs, and comments.
Safeguarding Your Collaboration Tools: Tackling the New Favorite Targets of Attackers
Secrets in collaboration tools are becoming prime targets for attackers. Reduce your attack surface by extending GitGuardian automated secrets detection capabilities to Slack, Jira, Confluence, or Microsoft Teams. Ensure security wherever your teams collaborate!
Introducing GitGuardian's Remediation Location & Tracking
Remediation is one of the most challenging aspects of fighting secrets sprawl. Finding exactly the right code to address and then tracking when and how it was fixed can get cumbersome, Especially when dealing with multiple projects and teams. We are proud to Introduce Remediation Location and Tracking to your GitGuardian incidents detail view. With our new Pinpoint location within the Impacted Perimeter view, the platform will organize issues all fixable incidents into the new "Require code fixing" tab helping developers concentrate their efforts.
Fix Your Code, Track the Remediation
Enhance your secrets remediation process with GitGuardian’s new features: pinpoint the locations needing code fixes and track the progress in real time. Discover how these tools can boost efficiency, enhance collaboration, and shorten remediation times.
Year in Review: GitGuardian's Own Security Team
GitGuardian's Lead security engineer, Kayssar Daher, shares his team's successes, challenges, and results of the past year.
Managing AWS IAM with Terraform
Get started with IAM by using Terraform to create users, groups, and policies.
The Runtime Secrets' Security Gap
The last mile in secrets security is securing secrets in workloads. Discover a new way to securely deliver encrypted secrets in your infrastructure with innovative open-source tools, and say goodbye to plaintext secrets.
CVE of the month, the supply chain vulnerability hidden for 10 years CVE-2024-38368
For over a decade, a massive vulnerability that could have unleashed a huge supply chain attack lay dormant. Luckily the good guys found it first or so it seems. This month we are taking a look at CVE-2024-38368.
Secrets in Plain Sight: Unveiling over 1 million secrets on public websites
Join us at CodeSecDays for an insightful session with Cybernews researcher Vincentas Baubonis, who will reveal how their team discovered 1,141,004 secrets across 58,364 websites. Learn how exposed environment (.env) files containing passwords, API keys, and email credentials can lead to data breaches and site takeovers. We’ll discuss common leaked secrets like database credentials and AWS keys, and their impact, and share research methodology, ethical considerations, and steps to prevent exposure.
Balancing AI Performance and Safety: Lessons from PyData Berlin
Would you trust AI to call 911? GitGuardian's ML engineer Nicolas posed this question at PyData Berlin, sparking a discussion on integrating ML into critical systems, debunking AI myths, and balancing innovation with safety in AI deployment.