Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Enhance your secure coding practices with GitGuardian’s Visual Studio Code extension. Detect secrets in real-time by embedding security into developers' workflows, boosting productivity and ensuring compliance.

On October 9, 2024, GitLab released patches for a critical vulnerability affecting various versions of GitLab EE, identified as CVE-2024-9164. This flaw allows a remote attacker to run pipelines on arbitrary branches within a repository, which could potentially lead to code execution. A GitLab pipeline consists of a series of automated processes that execute in stages to build, test, and deploy code.

Docker Zombie Layers are unreferenced image layers that continue to exist for weeks in registries, even after being removed from a manifest. In this hands-on deep dive, we explore how these layers can persist in registries and why ensuring the immediate revocation of exposed secrets is critical.

GitGuardian introduces European data hosting for its Secrets Detection Platform SaaS, ensuring data sovereignty and GDPR compliance. Discover how our new EU hosting options help enterprises meet regulatory requirements and protect sensitive data with ease.

Takeaways from OWASP Global AppSec SF 2024, covering security tools, AI risks, and strategies for improving application security while empowering developers.

Are you in between personal and work projects or maybe just managing multiple professional accounts from a single machine? Then, this article is here to help you simplify your Git configuration and management processes. Managing multiple GitHub accounts on a single machine doesn’t have to be complicated.

Learn how GitGuardian can help you go from a world of secrets sprawl to a future with secrets-free machine identity frameworks by adopting SPIFFE/SPIRE.

Exciting news! Our first book, "Crafting Secure Software," is now available. Learn how to embed security throughout the SDLC, mitigate risks, and foster a security culture. Get your copy today and level up your software security game!

Discover how exposed your company is on public GitHub, anonymously and for free.

A phishing campaign is targeting GitHub users with phony CAPTCHA pages, according to researchers at McAfee. The phishing emails ask users to address a security vulnerability in a GitHub repository that they recently contributed to, and contain a link to find more information about the alleged vulnerability. This link leads to a fake CAPTCHA page that attempts to trick them into installing malware.