|
By Dwayne McDaniel
Speakers made it clear that agentic AI is already operating across enterprise workflows. Learn why identity must govern ownership, permissions, actions, and accountability.
|
By Anna Nabiullina
The pace is not slowing down. Between May 18 and June 1, 2026, four distinct supply chain campaigns swept through npm, PyPI, Crates.io, GitHub Actions, and Composer.
|
By Kevin Westphal
By rewriting our secret detection engine in Rust, we made our engine more than three times as fast. But not without making it four times slower along the way.
|
By Greg Bulmash
Compare the best secrets management tools for 2026. Reviews of open source, multi-cloud, Kubernetes, and DevOps secrets management solutions for enterprise teams.
|
By Dwayne McDaniel
This year's report shows how credential sprawl across DevOps, SaaS, CI/CD, the cloud, and developer laptops turns initial access into operational impact.
|
By Dwayne McDaniel
In an AI-assisted development era, the third edition of BSides312 showed why trust, identity, access, evidence, and community remain core to security work.
|
By Gaetan Ferry
Code from GitHub and Grafana is in criminal hands. Secrets buried inside could open doors no one is thinking of protecting yet, and AI will make hunting 0-days in that private code faster than ever.
|
By Guillaume Valadon
A single leaked Kubernetes credential rarely stays in the cluster. It opens the registry credentials, private Docker images, and private GitHub repositories behind it. In Q1 2026 alone, our detectors caught close to 2,000 new such leaks on GitHub, 28% valid at leak time.
|
By Guillaume Valadon
On May 14, GitGuardian found a public GitHub repository called "Private-CISA" — 844 MB of plain-text passwords, AWS tokens, and Entra ID SAML certificates belonging to CISA, exposed since November 2025. Some credentials were still valid. CISA pulled it offline within 26 hours.
|
By Dwayne McDaniel
Security leaders at this SF area Summit examined AI agent risk, dependency governance, stale infrastructure, and the future of secure software.
|
By GitGuardian
GitGuardian’s improved search bar helps teams cut down triage time by turning incident search into a single, faster workflow. Use it to safely search for matching secret values, audit incidents by author, find leaks in specific files, filter by source, and use AI Filters to ask for what you need in plain English. It is available now for all workspaces and for all plan levels. But you will need to activate AI Filters manually.
|
By GitGuardian
If the LLM hits a security constraint that’s in the way of delivering what you asked for, it will silently fail. It will go around that security constraint and hardcode secrets.
|
By GitGuardian
We are excited to announce the release of the GitGuardian Visual Studio Code Extension version 0.23.0! Aside from updating the tool to use the latest version of ggshield, it now can show all findings in a convenient list view int he primary sidebar.
|
By GitGuardian
ggshield 1.51 is here with better support for AI-powered development and browser-less environments. This release adds Codex hook support, MCP server detection across Claude and Cursor, and `ggshield auth login --method oob` for SSH sessions and headless servers. It also strengthens trust in the ggshield supply chain with GitHub Artifact Attestations for release binaries, improves plugin management through your authenticated GitGuardian instance, adds a `vscode` alias for Copilot hook installation, and shows workspace ID in `ggshield api-status`.
|
By GitGuardian
AI coding assistants like Claude Code and Cursor are helping developers write more code faster, but that also means more chances for secrets to slip into prompts, files, commits, and tool outputs. GitGuardian’s new open-source **agent-skills** repository teaches AI agents how to use **ggshield** directly inside the developer workflow: when to scan, how to read findings, and how to guide remediation for leaked credentials.
|
By GitGuardian
In this report from Forrester, you will learn how to get better at using Application Security Testing to heighten your developers' security senses.
|
By GitGuardian
This white paper outlines our Secrets Management Maturity Model, a model to help your organization make sense of its actual posture and how to improve it.
|
By GitGuardian
Discover Application Security solutions to further secure the SDLC by implementing automated secrets detection in the DevOps pipeline.
|
By GitGuardian
In this document, we go beyond classical definitions of DevSecOps to express our vision of an emerging collaboration between Developers, AppSec, and Ops teams: the AppSec Shared Responsibility Model.
- June 2026 (9)
- May 2026 (26)
- April 2026 (25)
- March 2026 (14)
- February 2026 (11)
- January 2026 (16)
- December 2025 (20)
- November 2025 (14)
- October 2025 (16)
- September 2025 (18)
- August 2025 (14)
- July 2025 (10)
- June 2025 (12)
- May 2025 (12)
- April 2025 (18)
- March 2025 (14)
- February 2025 (10)
- January 2025 (19)
- December 2024 (18)
- November 2024 (11)
- October 2024 (15)
- September 2024 (18)
- August 2024 (11)
- July 2024 (18)
- June 2024 (16)
- May 2024 (14)
- April 2024 (17)
- March 2024 (22)
- February 2024 (18)
- January 2024 (18)
- December 2023 (20)
- November 2023 (12)
- October 2023 (14)
- September 2023 (13)
- August 2023 (20)
- July 2023 (14)
- June 2023 (22)
- May 2023 (21)
- April 2023 (15)
- March 2023 (23)
- February 2023 (13)
- January 2023 (13)
- December 2022 (11)
- November 2022 (3)
- October 2022 (5)
- August 2022 (2)
- July 2022 (1)
GitGuardian is the code security platform for the DevOps generation. With automated secrets detection and remediation, our platform enables Dev, Sec, and Ops to advance together towards the Secure Software Development Lifecycle.
Secure your software development lifecycle with enterprise-grade secrets detection. Eliminate blind spots with our automated, battle-tested detection engine:
- There’s no secret we can’t find: With hundreds of built-in secret detectors scanning thousands of git repositories, GitGuardian brings everything to light. Build custom detectors to enhance your scans for secrets unique to your organization.
- Precise, real-time detection without the hassle: High-efficiency detection proven by billions of commits. GitGuardian is fast, robust, and battle-tested — we’ve scanned over 3 billion commits pushed to public GitHub repositories since 2018.
- Remediation in hours, not days: GitGuardian unites developer and security teams with cross-functional data for in-depth investigation and remediation. Enable shift-left testing using your existing systems, teams, and processes.
Keep secrets out of your source code.