Paris, France
2017
  |  By Dwayne McDaniel
AI assistants are repeating a common Git mistake: committing fixes that remove secrets only from the latest code, not from repository history. GitGuardian AI Skills can help.
  |  By Guillaume Valadon
We found 62 live PyPI tokens leaking on public sources, enough to push malicious code to 125 packages with 25,000 monthly downloads. We reported them to PyPI, which revoked every one. Here's how we decoded the macaroons and checked which still worked.
  |  By Dwayne McDaniel
This year's event made it clear that as AI agents scale across enterprises, we must solve ownership, delegation, least privilege, and auditability before production risk grows.
  |  By Dwayne McDaniel
Sessions at BSidesSATX 2026 connected runtime secrets, cloud identity permissions, compliance evidence, and, ultimately, the human side of security.
  |  By Valentin Murat
GitGuardian helps security teams detect leaked secrets across dozens of integrations, all converging in one place: our dashboard. As our data volume grew, some pages started taking several seconds to load.
  |  By GitGuardian
GitGuardian is introducing Developer Endpoint Protection, extending its secrets and non-human identity (NHI) security platform coverage to developer workstations.
  |  By Soujanya Ain
Developer laptops are the most unmonitored credential store in your stack. GitGuardian's new Endpoint Protection finds every credential on every machine before infostealers do.
  |  By Dwayne McDaniel
With these skills, any AI coding assistant, including Claude Code, Cursor, or Codex, can now scan code for secrets and provide guided remediation within developer workflows.
  |  By Dwayne McDaniel
The 2026 Kubernetes Community Day in NYC made trust an execution problem, linking zero trust APIs, agent governance, CVE evidence, and sustainable open source work.
  |  By Dwayne McDaniel
Non-human identities (NHIs) authenticate pipelines, connect microservices, pull from secret managers, and provision cloud resources around the clock. They are also, for most security teams, almost completely invisible, because there has never been a single place to see all of them at once.
  |  By GitGuardian
Every secret leak matters, but not every incident needs the same level of alerting. GitGuardian’s new Smart Notifiers let teams define per-channel rules so notifications are only sent for the incidents that matter most, using filters like severity, ML risk score, validity, secret type, and GitGuardian tags. This is available now for custom webhooks, Slack, and Microsoft Teams. Support for ServiceNow, Jira, Splunk, PagerDuty, Discord, and broader email filtering is coming next.
  |  By GitGuardian
ggshield 1.52.0 and 1.52.2 bring several practical updates for teams securing AI-assisted development workflows. This release adds honeytoken plant, a command for adding local decoy AWS credential profiles. GitGuardian AI hooks installation will also guide you through any issues you might encounter, and macOS Keychain handling is improved before hooks run in non-interactive agent sessions. The release also adds standalone Linux ARM builds and new one-line install and uninstall scripts for Linux, macOS, and Windows.
  |  By GitGuardian
GitGuardian Developer Endpoint Protection helps security teams find secrets across any of your organization's laptops. In this walkthrough, Dwayne shows how to install ggshield, enable the machine scan plugin, run a local workstation scan, and review findings in the local dashboard.
  |  By GitGuardian
This white paper outlines our Secrets Management Maturity Model, a model to help your organization make sense of its actual posture and how to improve it.
  |  By GitGuardian
In this report from Forrester, you will learn how to get better at using Application Security Testing to heighten your developers' security senses.
  |  By GitGuardian
Discover Application Security solutions to further secure the SDLC by implementing automated secrets detection in the DevOps pipeline.
  |  By GitGuardian
In this document, we go beyond classical definitions of DevSecOps to express our vision of an emerging collaboration between Developers, AppSec, and Ops teams: the AppSec Shared Responsibility Model.

GitGuardian is the code security platform for the DevOps generation. With automated secrets detection and remediation, our platform enables Dev, Sec, and Ops to advance together towards the Secure Software Development Lifecycle.

Secure your software development lifecycle with enterprise-grade secrets detection. Eliminate blind spots with our automated, battle-tested detection engine:

  • There’s no secret we can’t find: With hundreds of built-in secret detectors scanning thousands of git repositories, GitGuardian brings everything to light. Build custom detectors to enhance your scans for secrets unique to your organization.
  • Precise, real-time detection without the hassle: High-efficiency detection proven by billions of commits. GitGuardian is fast, robust, and battle-tested — we’ve scanned over 3 billion commits pushed to public GitHub repositories since 2018.
  • Remediation in hours, not days: GitGuardian unites developer and security teams with cross-functional data for in-depth investigation and remediation. Enable shift-left testing using your existing systems, teams, and processes.

Keep secrets out of your source code.