
Webinar - Secure your IaC, infrastructure as code best practices for security

The cloud revolution has taken the world, and programming languages, by storm! In 2022, HCL, the HashiCorp Configuration Language, driven by the popularity of Terraform and Infrastructure-as-Code practices, became the #1 fastest-growing language on GitHub! Who would’ve expected that ten years ago?!

Android apps in the PlayStore are leaking their credentials and secrets

How many Android applications on the Play Store are leaking their credentials and secrets? The answer comes from independent research conducted by Cybernews, which shows nearly half of all applications on the Play Store are leaking secrets. Vincentas Baubonis, a security researcher from CyberNews, joined GitGuardian on a webinar to detail some research they conducted exploring how Android applications are leaking secrets.

Using ggshield Throughout The Software Development Lifecycle - A Developer's View of GitGuardian

Take a tour of how developers commonly use ggshield, the free and open-source GitGuardian CLI, to find hardcoded secrets. We will also see how developers participate in the remediation process. In this video demo, see: Learn more at docs.gitguardian.com

Create AWS Honeytokens easily to catch hackers

Learn how to create AWS Honey Tokens that alert you when someone attempts to use them. Honey tokens are API or access keys that are real but harmless and can be used as an early warning system to know when an intruder has made it into your system. In this video, we run through the simple steps to be able to create your very own AWS Honey Tokens using an open-source project and all your own infrastructure.

Take GitHub threats seriously: The largest code-sharing platform is extending your attack surface

In 2021, GitGuardian scanned over 1 billion data points on GitHub.com, and the results were stunning. More than 6 million secrets – think API keys, database connection strings, and private certificates – were exposed on the platform! Even more striking is the share of secrets and sensitive data exposed on the personal repositories of developers or open-source projects, over which SecOps teams lack visibility and control.

[Webinar] How You Should Not Remediate Your Hardcoded Secrets

If you have ever run a secrets scanner against your entire codebase, it has likely raised hundreds if not thousands of findings, leaving you wondering, "Where should I start?" Unlike other vulnerabilities, hardcoded secrets represent a threat by themselves whether your code is running or not. Attackers with access to a repository will scan it inside out for secrets, turning every occurrence into a risk you cannot ignore. Still, this does not mean that you should treat all incidents equally!