|
By C. J. May
Configuration management tools like Ansible, Chef, and Puppet offer various methods for handling secrets, each with inherent trade-offs. The article explores these approaches alongside modern OIDC-based solutions that enable short-lived authentication tokens for automated processes.
|
By Dwayne McDaniel
The future of eliminating secrets sprawl means getting a handle on the lifecycles and interdependencies of the non-human identities that rely on secrets. Learn how to implement these NHI security measures at scale.
|
By Ferdinand Boas
Secrets with excessive permissions are a goldmine for attackers. GitGuardian Secrets Analyzer helps security teams identify overprivileged secrets, analyze permissions, and shrink the attack surface.
|
By Dwayne McDaniel
At BSides Austin 2024, experts shared solutions for AI safety, cloud logging, systemic security planning, and effective executive collaboration strategies.
|
By Guillaume Valadon
On December 4, 2024, the Ultralytics Python module was backdoored to deploy a cryptominer. Using GitGuardian’s data, we reconstructed deleted commits, connecting the dots with the initial analysis. This investigation highlights the value of GitGuardian’s data in understanding supply chain attacks.
|
By GitGuardian
By bringing order to fragmented secrets ecosystems, GitGuardian secures the lifecycles of Non-Human Identities across environments.
|
By Ferdinand Boas
Struggling with fragmented secrets management and inconsistent vault practices? GitGuardian new multi-vault integrations provide organizations with centralized secrets visibility, reduce blind spots, enforce vault usage and fight against vault sprawl.
|
By Soujanya Ain
Discover how GitGuardian is redefining non-human identity (NHI) security with comprehensive secrets security and governance solutions to protect against modern threats.
|
By Tiexin Guo
Securely managing secrets within the CI/CD environment is super important. Mishandling secrets can expose sensitive information, potentially leading to unauthorized access, data breaches, and compromised systems.
|
By Guardians
How to make your Celery tasks more resilient with best practices to prevent workflow interruptions and handle various failure scenarios.
|
By GitGuardian
If you are using ServiceNow for centralized incident management and SecOps, We have some good news. You can now configure ServiceNow issues to synchronize with GitGuardian incidents. Once configured, you will be able to send incident data from GitGuardian and map it to ServiceNow issues triggering your preferred workflows. And, if properly configured, you can update GitGuardian incidents directly from ServiceNow Issues.
|
By GitGuardian
Introducing The GitGuardian Secret Analyzer GitGuardian has always helped you find your leaked secrets, but now GitGuardian can also quickly reveal the permissions of your secrets. One of the first questions any security team needs to ask itself when a secret is leaked is "What exactly could an attacker do with it?" Does it grant read-only access or does it have permissions to write or delete data? At the same time, understanding the correct scope needed for replacing a credential can take a long time, as all too often, the permissions originally granted are poorly documented, if at all.
|
By GitGuardian
We are proud to announce our new Auto-ignore false positive playbook. We've added this new automated Playbook to the GitGuardian Secret Detection platform to eliminate false positives from your incident queue and help you focus on actionable alerts. In the summer of 2024, we released FP remover, our internal machine learning model, that can significantly reduce false positives by understanding code context and semantics. In our testing it eliminates up to 80% of false positives.
|
By GitGuardian
We're updating your GitGuardian Workspace user interface, introducing a new sideba experience to make it even easier to navigate and take advantage of our secrets detection platform. We look forward to you using the updated GitGuardian UI to help eliminate secrets sprawl in your organization.
|
By GitGuardian
Check out this insightful discussion on the realities of secrets management, featuring Grace Law, Principal Security Engineer in Application Security at a large insurance company, and Chris Smith, Product Marketing Director for Machine Identities & DevSecOps at CyberArk. Together, they’ll share real-world experiences and strategies for overcoming the most pressing challenges in secrets management and security.
|
By GitGuardian
ARMO, a cloud-native security company, has been able to strengthen its security posture and ensure the protection of its client's data, thanks to GitGuardian. The company's CTO and co-founder, Ben Hirschberg, shared his experience of how GitGuardian has helped them close a significant security gap and instill a culture of security awareness throughout the organization.
|
By GitGuardian
We are very proud to announce that you can now easily provide your own custom remediation messages in ggshield, the GitGuardian CLI. Earlier versions of ggshield offered the same general remediation advice to all users if a secret was detected when using git hooks for automated scanning.
|
By GitGuardian
Do you hate false positives in your secrets scan results? We do too. GitGuardian has introduced a whole new approach to eliminating false positives, eliminating them by around 50% so far. And we are just getting started! GitGuardian's Machine Learning experts and Secret Detection team have created "FP Remover", a new in-house machine learning model that significantly reduces false positives by understanding code context and semantics while enforcing security and privacy best practices.
|
By GitGuardian
Supply chain security can be a struggle. The GitGuardian Source Composition Analysis module scans your project's dependencies, comparing them against public repos. If it finds any matches between your internal packages and public ones, it flags them as potential dependency confusion risks.
|
By GitGuardian
GitGuardian SCA makes it easier than ever to build and group your SBOMs while staying up to date with any changes. Our Software Composition Analysis tool, better known as GitGuardian SCA, lets you instantly download up-to-date Software Bills of Material with the touch of a button. No more guessing if things have changed between the last version someone else generated and now. You'll never need to ask your developers to generate a fresh SBOM again.
|
By GitGuardian
This white paper outlines our Secrets Management Maturity Model, a model to help your organization make sense of its actual posture and how to improve it.
|
By GitGuardian
In this report from Forrester, you will learn how to get better at using Application Security Testing to heighten your developers' security senses.
|
By GitGuardian
Discover Application Security solutions to further secure the SDLC by implementing automated secrets detection in the DevOps pipeline.
|
By GitGuardian
In this document, we go beyond classical definitions of DevSecOps to express our vision of an emerging collaboration between Developers, AppSec, and Ops teams: the AppSec Shared Responsibility Model.
- December 2024 (15)
- November 2024 (11)
- October 2024 (15)
- September 2024 (18)
- August 2024 (11)
- July 2024 (18)
- June 2024 (16)
- May 2024 (15)
- April 2024 (17)
- March 2024 (22)
- February 2024 (18)
- January 2024 (18)
- December 2023 (20)
- November 2023 (12)
- October 2023 (14)
- September 2023 (13)
- August 2023 (20)
- July 2023 (14)
- June 2023 (22)
- May 2023 (21)
- April 2023 (15)
- March 2023 (23)
- February 2023 (14)
- January 2023 (13)
- December 2022 (11)
- November 2022 (3)
- October 2022 (5)
- August 2022 (2)
- July 2022 (1)
GitGuardian is the code security platform for the DevOps generation. With automated secrets detection and remediation, our platform enables Dev, Sec, and Ops to advance together towards the Secure Software Development Lifecycle.
Secure your software development lifecycle with enterprise-grade secrets detection. Eliminate blind spots with our automated, battle-tested detection engine:
- There’s no secret we can’t find: With hundreds of built-in secret detectors scanning thousands of git repositories, GitGuardian brings everything to light. Build custom detectors to enhance your scans for secrets unique to your organization.
- Precise, real-time detection without the hassle: High-efficiency detection proven by billions of commits. GitGuardian is fast, robust, and battle-tested — we’ve scanned over 3 billion commits pushed to public GitHub repositories since 2018.
- Remediation in hours, not days: GitGuardian unites developer and security teams with cross-functional data for in-depth investigation and remediation. Enable shift-left testing using your existing systems, teams, and processes.
Keep secrets out of your source code.