Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

How are you scanning for configuration issues in your Terraform projects? Using ggshield, the GitGuardian CLI, developers can quickly find and fix over 70 common vulnerabilities in their infrastructure as code projects.

Secrets sprawl is showing no signs of a slowdown. Last month, we revealed 1 in 10 code authors exposed a secret on GitHub in 2022, collectively leaking 10 million secrets (you read that right, T-E-N) on the platform. This time, we're stepping beyond the data. We went on a (virtual) field trip and asked 500+ CISOs and engineering leaders how they currently deal with hardcoded secrets, how they intend to solve their organization's secrets management puzzle, their top priorities and investment areas in AppSec and Dev tooling, and many other questions!

Jason Haddix is the CISO of BuddoBot and former CISO/Head of Security at UbiSoft. In this clip Jason explores why a comprehensive secrets management program is absolutely vital for a organizations. He walks us through his 4 step secrtes management plan he has rolled out to Detect, Prevent, Respond and Educate. Today Jason puts together his cyber leadership skills with his penetration testing background as the CISO of BuddoBot, a world class red team as a service organization that is designed to emulate and prepare your organization for real world attacks.

In this short we look at the three components that make up docker, the docker file, docker image and docker container.

CEO of socket shares his thoughts on why the supply chain is the biggest risk for 2023 and how we can secure it. This interview was part of an entire episode on The Security Repo podcast dedicated to the insights from the 2023 RSA conference.

GitHooks are a great way of automating tasks and checking information while using git. These hooks are both powerful surprisingly easy to create yourself. In this video tutorial we run through how git hooks work and create both local and global git hooks which can call an API, use grep to find keys and call local package.

Hacker Adriel Desautel explains why honey pots are such an effective tool to use against malicious threat actors. Adriel is a legendary personality in the security and hacking communities, today as the founder and CEO of Netraguard he, along with his team, conduct real world penetration tests on organizations of all sizes. This clip is part of an episode in The Security Repo Podcast where white hat hackers Noah Tongate and Adriel Desautel give real world advice on how to protect yourself against 'people like them'.

OpenAi have confirmed they have had a data breach involving a vulnerability inside a open-source dependency Redis. This allowed threat actors to see history from other active users. But this leads to the bigger question, how can we secure ChatGPT. In this video I explain my position using some interesting data that ChatGPT should be part of all organizations threat landscape and that banning ChatGPT won't help the situation.

You may have noticed the.git directory sitting in your repo but not understood exactly what this is. These folders can contain lots of sensitive information so it's important to know what they do!

What is the biggest security threat for 20233 and how can we combat it? This is the million dollar question security. GitGuardian developer advocate Mackenzie Jackson had the opportunity to ask Joseoh Carson from Delinea what he expected to come from 2023.