GitGuardian

Paris, France
2017
  |  By Dwayne McDaniel
RSA 2024 explored AI's impact on security, featuring sessions on AI governance, LLMs, cloud security, and CISO roles. Here are just a few of the expert insights shared.
  |  By Ferdinand Boas
In this guide, we'll walk you through integrating CyberArk Conjur with GitGuardian, step by step.
  |  By Guardians
Few companies take on the challenge of offering a self-hosted option to their customers. GitGuardian has embraced this endeavor for the past three years, encountering numerous challenges along the way, but also unlocking invaluable benefits.
  |  By Guest Expert
Last episode of C.J. May's series on implementing a DevSecOps program: how to harden your software delivery pipelines to maintain robust security measures.
  |  By Dwayne McDaniel
Highlights from the largest ever BSidesSF, which brought cybersecurity professionals together to face the new issues AI brings, advanced threat actors, and scaling security.
  |  By Greg Bulmash
If you need to reach PCI DSS 4.0 compliance, GitGuardian has solutions that can help.
  |  By Greg Bulmash
If you need to keep your data on your network but still want the power and convenience of GitGuardian, we've got you covered.
  |  By Mackenzie Jackson
This month we dive into CVE-2024-27198 for JetBrains TeamCity and the controversy surrounding the patching process that contributed to it being exploited in the wild.
  |  By Greg Bulmash
EO 14028 is bringing a lot of new security documentation requirements with it. Here's how SCA can help with creating that documentation.
  |  By Dwayne McDaniel
Explore insights from PHP experts who gathered from all around the world to discuss web development innovations, embracing change, and securely maintaining our code.
  |  By GitGuardian
Open-source components forever changed how we build software, but they are also a prominent security threat. Nothing illustrated this better than the recent XZ library incident, where the world narrowly avoided a massive supply chain attack. Join Gene Gotimer and Mackenzie Jackson to discuss how we can keep our open-source supply chains secure, covering the security implications of vulnerable open-source components, how using automation can help us move toward a secure supply chain, and how to discover and detect vulnerable components.
  |  By GitGuardian
Speed up your remediation workflow with GitGuardian's new Advanced Jira Cloud integration: Users have already been able to manually open Jira tickets from the incident view in the dashboard. Now, you can configure GitGuardian to create a new Jira ticket to track any needed development efforts. You can also configure the Jira tickets to resolve an incident in GitGuardian when a specific status is reached. It will mark the associated incident as Resolved so you can stay focused on other work.
  |  By GitGuardian
In this video, we explore AI package hallucination. This threat is a result of AI generation tools hallucinating open-source packages or libraries that don't exist. We explore why this happens and show a demo of ChatGPT creating multiple packages that don't exist. We also explain why this is a prominent threat and how malicious hackers could harness this new vulnerability for evil. It is the next evolution of typosquatting.
  |  By GitGuardian
Welcome to our concise video on ASPM – Application Security Posture Management! In this brief 1-minute video, we unravel the complexities surrounding ASPM, shedding light on its crucial role in safeguarding digital assets and data integrity. ASPM serves as a comprehensive framework for assessing, monitoring, and enhancing the security posture of applications throughout their lifecycle. From development to deployment and beyond, ASPM empowers organizations to proactively identify and mitigate security risks, vulnerabilities, and compliance gaps.
  |  By GitGuardian
Understanding our supply chain means understanding all the components that make it up. But this is harder than it appears. Open-source components make up 80-90% of our application's source code, but we must also remember that our open-source components are themselves made from open-source components; it's like supply chain inception. SCA, or Software Composition Analysis, is a security tool that looks at your entire supply chain and outlines vulnerabilities, including transitive or downstream dependencies.
  |  By GitGuardian
In this video, we show exactly how to use AWS Secrets Manager and how to connect it with your Python application. Secrets are hard to manage, and while methods like storing them as environment variables in a .env file can be suitable, a more secure method, particularly in a team, is to use a secrets manager so developers can avoid ever needing to handle the plaintext secret. Subscribe to the channel to get more Tech Tips on Tuesdays (and also other days).
  |  By GitGuardian
Good news! GitGuardian can now help you find and remediate secrets exposed in Slack channels. You already know us for accurately detecting secrets in your code base. And now, we have extended the real-time detection capability to cover the world's most popular communications platform. Add Slack to your GitGuardian monitored perimeter, and help keep secrets sprawl out of your team communications channels!
  |  By GitGuardian
In this video, we provide a breakdown of the nation-state attack on Microsoft by the Russian-backed hacking group Midnight Blizzard (also known as NOBELIUM) that happened between November 2023 and March 2024.
  |  By GitGuardian
If you are using Jira Cloud for issue-tracking and project management, we have some great news! GitGuardian can now help you find and remediate any plaintext secrets found inside your Jira Cloud instance. You can now rely on GitGuardian's real-time secrets detection to find credentials shared in Jira ticket descriptions, comments, or even titles. Integrating Jira Cloud with GitGuardian is simple, but does require a Business or Enterprise plan.
  |  By GitGuardian
Explore the industry-first solution designed to empower security and development teams in securing secrets across multi-cloud, DevOps, and containerized environments. Discover innovative use cases, from detecting public GitHub leaks to enforcing secret management policies. Don't miss this opportunity to delve into the future of secrets security with our very own Mackenzie Jackson from GitGuardian and special guests Evan Litwak and David Hisel from CyberArk. Save your spot now for an engaging conversation redefining your approach to secret protection in software development.
  |  By GitGuardian
This white paper outlines our Secrets Management Maturity Model, a model to help your organization make sense of its actual posture and how to improve it.
  |  By GitGuardian
In this report from Forrester, you will learn how to get better at using Application Security Testing to heighten your developers' security senses.
  |  By GitGuardian
Discover Application Security solutions to further secure the SDLC by implementing automated secrets detection in the DevOps pipeline.
  |  By GitGuardian
In this document, we go beyond classical definitions of DevSecOps to express our vision of an emerging collaboration between Developers, AppSec, and Ops teams: the AppSec Shared Responsibility Model.

GitGuardian is the code security platform for the DevOps generation. With automated secrets detection and remediation, our platform enables Dev, Sec, and Ops to advance together towards the Secure Software Development Lifecycle.

Secure your software development lifecycle with enterprise-grade secrets detection. Eliminate blind spots with our automated, battle-tested detection engine:

  • There’s no secret we can’t find: With hundreds of built-in secret detectors scanning thousands of git repositories, GitGuardian brings everything to light. Build custom detectors to enhance your scans for secrets unique to your organization.
  • Precise, real-time detection without the hassle: High-efficiency detection proven by billions of commits. GitGuardian is fast, robust, and battle-tested — we’ve scanned over 3 billion commits pushed to public GitHub repositories since 2018.
  • Remediation in hours, not days: GitGuardian unites developer and security teams with cross-functional data for in-depth investigation and remediation. Enable shift-left testing using your existing systems, teams, and processes.

Keep secrets out of your source code.