Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Trivy story is moving quickly, and the latest reporting makes one thing clear: this is no longer just a GitHub Actions tag hijack. What started as a compromise of trivy-action, setup-trivy, and the v0.69.4 release has expanded into malicious Docker Hub images.

Plaintext secrets on developer machines create real supply chain risk. Honeytokens provide early detection while stronger identity-based controls are rolled out.

From golden images to agent governance, Chainguard Assemble 2026 focused on how teams can reduce risk by embedding trust, compliance, and security into delivery systems.

GitGuardian’s 5th State of Secrets Sprawl report is here. In this blog, we unpack the key findings behind the 2026 edition, from AI-driven leak growth to the remediation gaps security teams can’t ignore.

When an NHI is compromised, who do you call? GitGuardian NHI ownership eliminates the guessing game with automatic accountability.

Read the takeaways from ConFoo 2026, including putting guardrails where requests happen, auditing tool calls, treat dependency updates like production access.

GitGuardian partnered with Google to answer: what happens when private keys leak? Using Certificate Transparency, we mapped about 1M leaked keys to 140k certificates. Result: 2,622 were valid as of September 2025, exposing major organizations. Our disclosure campaign achieved 97% remediation.

Secrets don’t just leak from Git. They accumulate in filesystems, env vars, and agent memory. See how to find them, stop the bleed, and protect your whole supply chain.

Anthropic's Claude Code Security launch sent shockwaves through cybersecurity markets. As GitGuardian's CEO, here's why I believe the real battle has shifted from code vulnerabilities to identity and secrets management in the AI era.