
How GitGuardian Provides Peace of Mind for Kubefirst

In the world of software development, the security of your code is paramount. This is especially true for GitOps shops like Kubefirst, where secrets, tokens, and repositories are constantly being updated and shared. John Dietz, CEO and technical co-founder of Kubefirst, shared his experiences with GitGuardian and how it has become an essential tool in their operations.

Securing the Supply Chain - Automating our Way Out of Security Whack-a-Mole

Open-source components forever changed how we build software, but they are also a prominent security threat. Nothing illustrated this better than the recent XZ library incident, where the world narrowly avoided a massive supply chain attack. Join Gene Gotimer and Mackenzie Jackson to discuss how we can keep our open-source supply chains secure, covering: the security implications of vulnerable open-source components; how using automation can help us move toward a secure supply chain; and how to discover and detect vulnerable components.

Introducing GitGuardian's Advanced Jira Cloud integration

Speed up your remediation workflow with GitGuardian's new Advanced Jira Cloud integration: Users have already been able to manually open Jira tickets from the incident view in the dashboard. Now, you can configure GitGuardian to create a new Jira ticket to track any needed development efforts. You can also configure the Jira tickets to resolve an incident in GitGuardian when a specific status is reached. It will mark the associated incident as Resolved so you can stay focused on other work.

Understanding AI Package Hallucination: The latest dependency security threat

In this video, we explore AI package hallucination. This threat is a result of AI generation tools hallucinating open-source packages or libraries that don't exist. We explore why this happens and show a demo of ChatGPT creating multiple packages that don't exist. We also explain why this is a prominent threat and how malicious hackers could harness this new vulnerability for evil. It is the next evolution of typosquatting.

What is ASPM - Application Security Posture Management Defined

Welcome to our concise video on ASPM – Application Security Posture Management! In this brief 1-minute video, we unravel the complexities surrounding ASPM, shedding light on its crucial role in safeguarding digital assets and data integrity. ASPM serves as a comprehensive framework for assessing, monitoring, and enhancing the security posture of applications throughout their lifecycle. From development to deployment and beyond, ASPM empowers organizations to proactively identify and mitigate security risks, vulnerabilities, and compliance gaps.

Understanding Supply Chain Risk - Using SCA to protect your application

Understanding our supply chain means understanding all the components that make it up. But this is harder than it appears. Open-source components make up 80-90% of our application's source code, but we must also remember that our open-source components are themselves made from open-source components. It's like supply chain inception. SCA, or Software Composition Analysis, is a security tool that looks at your entire supply chain and outlines vulnerabilities, including those in transitive or downstream dependencies.

Manage secrets with AWS Secrets Manager with Python - Tech Tip Tuesday

In this video, we show exactly how to use AWS Secrets Manager and how to connect it with your Python application. Secrets are hard to manage, and while methods like storing them as environment variables in a .env file can be suitable, a more secure method, particularly in a team, is to use a secrets manager so developers can avoid ever needing to handle the plain text secret. Subscribe to the channel to get more Tech Tips on Tuesdays (and also other days).

Detect secrets in Slack channels with GitGuardian

Good news! GitGuardian can now help you find and remediate secrets exposed in Slack channels. You already know us for accurately detecting secrets in your code base. And now, we have extended the real-time detection capability to cover the world's most popular communications platform. Add Slack to your GitGuardian monitored perimeter, and help keep secrets sprawl out of your team communications channels!