GitGuardian

Paris, France
2017
  |  By C. J. May
Identity lifecycle management is one of the most underestimated security risks in many organizations. You may have structured IAM processes that handle the lifecycle of human identities, but what about your non-human identities (NHIs)?
  |  By Dwayne McDaniel
The Denver edition of WWHF showcased security insights, from red teaming to DevSecOps. Learn key lessons on collaboration, Git security, and AWS policies.
  |  By Dwayne McDaniel
The rise of AI in enterprises has expanded the attack surface. Learn how GitGuardian can help you secure non-human identities and prevent unauthorized access.
  |  By Dwayne McDaniel
NHIs outnumber human users in enterprises, yet many IAM strategies ignore them. Learn why CISOs must own NHI governance to prevent security breaches.
  |  By Guillaume Valadon
In the past 6 months, our security research team disclosed 24 critical vulnerabilities. Most have been successfully remediated. Our team's contributions to cybersecurity have been formally recognized, with our researchers being listed in both Bayer's and Oracle's Security Researcher Hall of Fame.
  |  By Gaetan Ferry
Artifactory token leaks are not the most common, but they pose significant risks, exposing sensitive assets and enabling supply chain attacks. This article explores the dangers of leaked tokens and proposes mitigation strategies, including token scoping and implementing least privilege policies.
  |  By Ferdinand Boas
Learn how the F1 score helps you choose the right tool to strengthen your security posture.
  |  By Greg Bulmash
If you need to reach PCI DSS 4.0 compliance, GitGuardian has solutions that can help.
  |  By Tiexin Guo
API authentication and authorization are not only crucial aspects of API security when crafting secure software; they also impact scalability and user experience.
  |  By Dwayne McDaniel
Discover insights learned from the CodeMash 2025 community on NHI governance, secrets security, and addressing vault sprawl challenges in enterprise environments.
  |  By GitGuardian
GitGuardian can now scan for secrets throughout all your ServiceNow tables and records. GitGuardian now integrates natively with ServiceNow to help your team find and eliminate more than 450 types of secrets that might have been leaked into your instance of the popular process automation platform.
  |  By GitGuardian
As the landscape of Non-Human Identities (NHI) continues to expand, managing and securing these identities has become one of the most pressing challenges for organizations today. With automation and the increasing reliance on machine-to-machine communication, the stakes for securing these entities have never been higher. Did you know that over 80% of cloud breaches involve mismanaged or unauthorized machine identities?
  |  By GitGuardian
We are happy to announce that our new integration empowers Jira Data Center users to synchronize their GitGuardian incidents with Jira Data Center issues. We have previously integrated with Jira Cloud for issue creation and coordination, but now anyone running their own Jira Data Center installation can reap the same benefits of both automatic and manual creation of Jira issues from your GitGuardian incidents using customized templates. With our auto-resolve feature, you can automatically close GitGuardian incidents when the corresponding Jira issue is closed.
  |  By GitGuardian
We are excited to announce that Jira Data Center users can now leverage GitGuardian to perform real-time scanning for secrets in issues and comments. We have supported Jira Cloud with real-time scanning for some time, but now teams that run their own private versions of the popular project management tool, which helps teams plan, track, and release work, can do the same. You can install GitGuardian on multiple Jira Data Center sites to monitor your projects.
  |  By GitGuardian
We are proud to announce that Bitbucket Cloud users can now leverage the GitGuardian Secrets Detection platform to find hardcoded secrets throughout their existing codebases and actively monitor any code changes for newly leaked credentials. We have supported Bitbucket Data Center and Server for years, but now, teams managing code on bitbucket.org can reap those same benefits. Integration is very simple and straightforward.
  |  By GitGuardian
It is now easier than ever to receive GitGuardian incident alerts directly in any Microsoft Teams channel you want. Introducing the new Microsoft Teams GitGuardian app. If your organization relies on MS Teams to coordinate incident response, it makes sense to get alerts for new incidents as soon as they occur, in the same communications platform. After setup, whenever a new incident is detected by GitGuardian, you will get the alert directly in MS Teams.
  |  By GitGuardian
Introducing the GitGuardian Secret Analyzer. GitGuardian has always helped you find your leaked secrets, but now GitGuardian can also quickly reveal the permissions of your secrets. One of the first questions any security team needs to ask itself when a secret is leaked is "What exactly could an attacker do with it?" Does it grant read-only access or does it have permissions to write or delete data? At the same time, understanding the correct scope needed for replacing a credential can take a long time, as all too often, the permissions originally granted are poorly documented, if at all.
  |  By GitGuardian
If you are using ServiceNow for centralized incident management and SecOps, we have some good news. You can now configure ServiceNow issues to synchronize with GitGuardian incidents. Once configured, you will be able to send incident data from GitGuardian and map it to ServiceNow issues, triggering your preferred workflows. And, if properly configured, you can update GitGuardian incidents directly from ServiceNow issues.
  |  By GitGuardian
We are proud to announce our new Auto-ignore false positive playbook. We've added this new automated playbook to the GitGuardian Secret Detection platform to eliminate false positives from your incident queue and help you focus on actionable alerts. In the summer of 2024, we released FP remover, our internal machine learning model, which can significantly reduce false positives by understanding code context and semantics. In our testing, it eliminates up to 80% of false positives.
  |  By GitGuardian
This white paper outlines our Secrets Management Maturity Model, a model to help your organization make sense of its actual posture and how to improve it.
  |  By GitGuardian
In this report from Forrester, you will learn how to get better at using Application Security Testing to heighten your developers' security senses.
  |  By GitGuardian
Discover Application Security solutions to further secure the SDLC by implementing automated secrets detection in the DevOps pipeline.
  |  By GitGuardian
In this document, we go beyond classical definitions of DevSecOps to express our vision of an emerging collaboration between Developers, AppSec, and Ops teams: the AppSec Shared Responsibility Model.

GitGuardian is the code security platform for the DevOps generation. With automated secrets detection and remediation, our platform enables Dev, Sec, and Ops to advance together towards the Secure Software Development Lifecycle.

Secure your software development lifecycle with enterprise-grade secrets detection. Eliminate blind spots with our automated, battle-tested detection engine:

  • There’s no secret we can’t find: With hundreds of built-in secret detectors scanning thousands of git repositories, GitGuardian brings everything to light. Build custom detectors to enhance your scans for secrets unique to your organization.
  • Precise, real-time detection without the hassle: High-efficiency detection proven by billions of commits. GitGuardian is fast, robust, and battle-tested — we’ve scanned over 3 billion commits pushed to public GitHub repositories since 2018.
  • Remediation in hours, not days: GitGuardian unites developer and security teams with cross-functional data for in-depth investigation and remediation. Enable shift-left testing using your existing systems, teams, and processes.

Keep secrets out of your source code.