Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Snyk

Hardcoding Security into Every Commit: The Future of Snyk Secrets

Apr 23, 2026 By Kate Powers Burke In Snyk
In the modern software development lifecycle, the speed of innovation is often at odds with the security of our most sensitive data. As organizations embrace cloud-native development and AI-generated code, they face a phenomenon known as “secret sprawl”, aka, the uncontrolled and widespread distribution of API keys, passwords, and tokens across repositories, CI/CD logs, and developer collaboration tools.
Read Post

GitGuardian Can Now Monitor Your Gerrit Repositories To Help You Fight Secrets Sprawl

Apr 23, 2026 By GitGuardian In GitGuardian
In this video, Romain Jouhannet, Product Manager at GitGuardian, talks with Dwayne McDaniel, Developer Advocate at GitGuardian about the platform's new native support for Gerrit as a VCS source. Gerrit is widely used for enterprise code review workflows, often hosting sensitive internal repositories. You can now connect your Gerrit instance to GitGuardian to detect secrets exposed across your repositories and commit histories, with the same experience as our other VCS integrations.
View Video
gitguardian

Trivy's March Supply Chain Attack Shows Where Secret Exposure Hurts Most

Mar 24, 2026 By Guillaume Valadon In GitGuardian
The Trivy story is moving quickly, and the latest reporting makes one thing clear: this is no longer just a GitHub Actions tag hijack. What started as a compromise of trivy-action, setup-trivy, and the v0.69.4 release has expanded into malicious Docker Hub images.
Read Post
armo

The Library That Holds All Your AI Keys Was Just Backdoored: The LiteLLM Supply Chain Compromise

Mar 24, 2026 By Ben Hirschberg In ARMO
We just published a deep breakdown of the Trivy supply chain attacks yesterday. Twenty-four hours later, we’re writing about the next one. Same threat actor. Different target. Worse implications. This time it’s LiteLLM, the Python library that acts as a universal API gateway for over 100 LLM providers. If you’re building anything with AI agents, MCP servers, or LLM orchestration, there’s a good chance LiteLLM is somewhere in your dependency tree.
Read Post
gitguardian

The State of Secrets Sprawl 2026: AI-Service Leaks Surge 81% and 29M Secrets Hit Public GitHub

Mar 17, 2026 By Anna Nabiullina In GitGuardian
GitGuardian’s 5th State of Secrets Sprawl report is here. In this blog, we unpack the key findings behind the 2026 edition, from AI-driven leak growth to the remediation gaps security teams can’t ignore.
Read Post
signmycode

What is Secrets Management? Types, Challenges, Best Practices & Tools

Feb 3, 2026 By SignMyCode In SignMyCode
Every day, thousands of developers unknowingly leave the keys to their company’s lying around… in code. It sounds crazy, right? But it happens more often than you think. A single hardcoded AWS access key, an overlooked database password, or an exposed API token on GitHub can be all it takes. And the result? Multi-million-dollar breaches, lost customer trust, and a brand reputation that takes years to rebuild. Hackers don’t need to break in when you leave the door wide open.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.