
Ignore false positives safely with ggshield secret ignore

In this section, we cover what to do when ggshield finds something you don't actually need to remediate, such as a false positive, an intentionally fake credential in a demo repo, or a known non-sensitive test value. ggshield secret ignore lets you mark specific findings as ignored by adding them to the secrets.ignored_matches section of your local configuration. If your repo doesn't already have a local config file, ggshield will create a .gitguardian.yaml file for you.

What The New CMMC Rules Mean For DoD Contractors

If your organization does business with the U.S. Department of Defense, or plans to, you need to know about a major change that just went into force. CMMC, or Cybersecurity Maturity Model Certification, is the Department of Defense’s standard for ensuring contractors meet basic cybersecurity requirements. It was designed to protect sensitive government data across the entire defense supply chain. As of November 2025, CMMC is no longer optional.

Stop secrets before they leave your laptop (Git hooks + ggshield install)

Let's look at Git hooks, which is where ggshield really starts paying off in the day-to-day developer workflow. Git hooks are Git's built-in automation: when certain events happen, such as committing or pushing, Git looks for specific files inside the .git/hooks folder and, if a hook file exists, runs it automatically. For example, if there is an executable file named pre-commit, Git runs it every time you commit, and a non-zero exit status from that script aborts the commit. That exit status is the whole enforcement mechanism: a hook that scans the staged changes and exits non-zero when it finds a credential stops the secret before it is ever recorded in history.
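To make the mechanism concrete, here is an added example, not the hook that ggshield install writes and not GitGuardian's code: a minimal .git/hooks/pre-commit script that reads the staged diff and aborts the commit when a newly added line matches a credential-like pattern. The patterns (an AWS access key id, a PEM private key header, a GitHub personal access token) are illustrative stand-ins for GitGuardian's detectors, and the sample diff used to exercise the function is constructed for this example.

```shell
#!/bin/sh
# Added example (not the hook written by `ggshield install`): a minimal
# .git/hooks/pre-commit that refuses a commit when the staged diff adds a line
# that looks like a credential. The real hook runs `ggshield secret scan pre-commit`;
# this stand-in uses grep so the mechanism is visible without any tooling:
# Git runs this file on every commit, and a non-zero exit aborts the commit.

# Illustrative patterns only, not GitGuardian's detectors: AWS access key id,
# PEM private key header, GitHub personal access token.
SECRET_PATTERNS='AKIA[0-9A-Z]{16}|-----BEGIN (RSA |EC |OPENSSH )?PRIVATE KEY-----|ghp_[A-Za-z0-9]{36}'

# scan_staged_diff: read a unified diff on stdin and inspect only the lines being
# added ("+" lines, excluding the "+++ b/path" file header). Prints the offending
# lines to stderr and returns 1 when something looks like a secret, 0 when clean.
scan_staged_diff() {
  hits=$(grep -E '^[+]' | grep -Ev '^[+][+][+] ' | grep -E "$SECRET_PATTERNS" || true)
  if [ -n "$hits" ]; then
    printf 'pre-commit: possible secret in staged changes, commit aborted:\n%s\n' "$hits" >&2
    return 1
  fi
  return 0
}

# When Git invokes this file as .git/hooks/pre-commit, scan the index
# (--cached) rather than the working tree, since only staged content is committed.
case "$0" in
  */pre-commit|pre-commit)
    git diff --cached --unified=0 | scan_staged_diff
    exit $?
    ;;
esac
```

To try it by hand, copy the script to .git/hooks/pre-commit, make it executable, stage a file containing the documentation key AKIAIOSFODNN7EXAMPLE and run git commit; the hook prints the line and the commit is refused. In practice you would let ggshield install -m local write the hook so that the full detector set runs instead of three grep patterns; the exit-status contract with Git is identical.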

A New Model You Haven't Heard About (GitHub Raptor Mini)

Can an under-the-radar AI tool actually build a secure, functional CRUD note-taking app from scratch? In this video, I put GitHub Raptor Mini to the test to see if it can design, implement, and reason through a real-world CRUD application — including authentication, data handling, and basic security considerations.

Scan secrets in CI with ggshield (GitHub Actions example)

Next up is ggshield secret scan ci, the mode built for continuous integration, not your local machine. In this section, we’ll show how CI scanning works and why it’s different. Instead of scanning your whole repo, it scans the set of commits that triggered your pipeline, whether that build came from a direct push or a pull request. That means you catch secrets at the exact moment they’re introduced, before they get merged or released.
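The following workflow is an added example for this section, not a file taken from the page or from a GitGuardian repository. It wires ggshield's CI mode into GitHub Actions through the GitGuardian/ggshield-action published by GitGuardian, and assumes the API key has been stored in a repository secret named GITGUARDIAN_API_KEY. The SHA environment variables are how the action tells ggshield which commits triggered the run (a push reports the previous tip, a pull request reports the base branch); fetch-depth: 0 matters because the default shallow checkout would not contain the older commits in that range.

```yaml
# .github/workflows/gitguardian.yml (added example; assumes a repository secret
# named GITGUARDIAN_API_KEY holds the ggshield API key)
name: GitGuardian scan

on: [push, pull_request]

jobs:
  scanning:
    name: GitGuardian scan
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Fetch full history so every commit in the triggering range is present.
          fetch-depth: 0

      - name: GitGuardian scan
        uses: GitGuardian/ggshield-action@v1
        env:
          # Push events: range is "before" SHA .. HEAD.
          GITHUB_PUSH_BEFORE_SHA: ${{ github.event.before }}
          GITHUB_PUSH_BASE_SHA: ${{ github.event.base }}
          # Pull request events: range is base branch tip .. HEAD.
          GITHUB_PULL_BASE_SHA: ${{ github.event.pull_request.base.sha }}
          GITHUB_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
          GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}
```

One caveat worth checking on a new repository: the first push of a branch reports an all-zero "before" SHA, so the push range is not meaningful on that event; the default-branch variable is what lets the scan fall back to comparing against the default branch instead of scanning nothing.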

What is the Difference Between DevOps and DevSecOps?

For engineering managers, the pressure to deliver software faster has never been higher. You are constantly balancing the need for velocity with the imperative of stability and quality. While DevOps revolutionized the software development life cycle (SDLC) by breaking down silos between development and operations, it left a critical gap: security. In a landscape where cyberattacks are growing in sophistication and frequency, treating security as an afterthought is no longer a viable strategy.

MongoBleed (CVE-2025-14847): Unauthenticated Memory Disclosure in MongoDB

A newly disclosed MongoDB vulnerability, tracked as CVE-2025-14847 and informally referred to as MongoBleed, allows unauthenticated remote attackers to leak uninitialized memory from a MongoDB server. A public proof-of-concept exploit is already available, significantly increasing the risk for exposed MongoDB deployments. This post explains how the vulnerability works, what is required to exploit it, and how ARMO helps identify exposure and detect exploitation attempts at runtime.

Secret scanning with ggshield (repo, files, changes, commits, archives, Docker, and PyPI)

Now we’re getting to the heart of ggshield: secret scanning. In this section, we jump into ggshield secret and its two subcommands, ignore and scan. Ignore makes a lot more sense once you’ve seen scan in action, so we start by learning what ggshield can scan and why it’s so flexible across the development lifecycle. We’ll open the help menu so you can see every scan target available: ggshield secret scan -h.

Understand the ggshield help menu ( options and global flags)

Let's start by learning how to navigate ggshield like any other CLI tool: through its built-in help menu. To see the top-level help, run ggshield with no options: ggshield. Any time you want help for a specific command, add -h or --help to the end of that command. ggshield follows a standard command-line pattern you'll see in many tools: ggshield ... If you're new to CLIs, here's what that means: ggshield is the program you're running. are the extra details the command needs, like a path or filename.