Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Git

What Happened in the U.S. Department of the Treasury Breach? A Detailed Summary

The U.S. Department of the Treasury suffered a major security incident when a Chinese threat actor compromised its third-party cybersecurity service BeyondTrust. The attackers obtained an API key that allowed them to bypass security measures and access unclassified documents.

Identities Do Not Exist in a Vacuum: A View on Understanding Non-Human Identities Governance

The future of eliminating secrets sprawl means getting a handle on the lifecycles and interdependencies of the non-human identities that rely on secrets. Learn how to implement these NHI security measures at scale.

Integrating GitGuardian Incidents With ServiceNow Issues

If you are using ServiceNow for centralized incident management and SecOps, We have some good news. You can now configure ServiceNow issues to synchronize with GitGuardian incidents. Once configured, you will be able to send incident data from GitGuardian and map it to ServiceNow issues triggering your preferred workflows. And, if properly configured, you can update GitGuardian incidents directly from ServiceNow Issues.

Top 14 GitHub Data Risks: Data Loss Scenarios and How to Prevent Them

While GitHub offers robust features, preventing data loss risks requires proactive measures. It’s vital as businesses increasingly rely on GitHub for source code management, safeguarding repositories against data loss, breaches, and operational disruptions. This overview explores the 15 most common data risks and provides actionable strategies for securing repositories and maintaining seamless development workflows. Contents hide 1 Risk 1. Accidental deletion of repositories 2 Risk 2.

Introducing The GitGuardian Secret Analyzer

Introducing The GitGuardian Secret Analyzer GitGuardian has always helped you find your leaked secrets, but now GitGuardian can also quickly reveal the permissions of your secrets. One of the first questions any security team needs to ask itself when a secret is leaked is "What exactly could an attacker do with it?" Does it grant read-only access or does it have permissions to write or delete data? At the same time, understanding the correct scope needed for replacing a credential can take a long time, as all too often, the permissions originally granted are poorly documented, if at all.

Introducing GitGuardian's New Auto-ignore False Positive Playbook

We are proud to announce our new Auto-ignore false positive playbook. We've added this new automated Playbook to the GitGuardian Secret Detection platform to eliminate false positives from your incident queue and help you focus on actionable alerts. In the summer of 2024, we released FP remover, our internal machine learning model, that can significantly reduce false positives by understanding code context and semantics. In our testing it eliminates up to 80% of false positives.