Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

gitguardian

OpenClaw (Moltbot) Personal Assistant Goes Viral - And So Do Your Secrets

Jan 29, 2026 By Guillaume Valadon In GitGuardian
Early 2026, Moltbot a new AI personal assistant went viral. GitGuardian detected 200+ leaked secrets related to it, including from healthcare and fintech companies. Our contribution to Moltbot: a skill that turns secret scanning into a conversational prompt, letting users ask "is this safe?".
Read Post
miniorange

What is Secrets Management: An Essential Guide to Securing Credentials in Modern DevOps

Jan 19, 2026 By Chaitali Avadhani In miniOrange
We are surrounded by generative AI tools, cloud-based solutions, and AI assistants that often perform functions for us. We tend to share data with them for smoother operations and to automate our work for enhanced productivity. The non-human tools are a playground for cybercriminals to access the data and damage critical infrastructures. So, it is paramount for us, especially organizations, to protect the shared information, along with the access rights of the non-human entities.
Read Post

Ignore false positives safely with ggshield secret ignore

Dec 31, 2025 By GitGuardian In GitGuardian
In this section, we cover what to do when ggshield finds something you don’t actually need to remediate, like a false positive, an intentionally fake credential in a demo repo, or a known non-sensitive test value. ggshield secret ignore lets you mark specific findings as ignored by adding them to the secrets.ignored_matches section of your local configuration. If your repo doesn’t already have a local config file, ggshield will create a.gitguardian.yaml file for you.
View Video

Stop secrets before they leave your laptop (Git hooks + ggshield install)

Dec 30, 2025 By GitGuardian In GitGuardian
Let's look at Git hooks, which is where ggshield really starts paying off in day-to-day developer workflow. Git hooks are built-in automation in Git. When certain events happen, like committing or pushing, Git checks for specific files inside the.git/hooks folder. If a hook file exists, Git runs it automatically. For example, if there’s a file named pre-commit, Git will execute it every time you commit.
View Video

Scan secrets in CI with ggshield (GitHub Actions example)

Dec 29, 2025 By GitGuardian In GitGuardian
Next up is ggshield secret scan ci, the mode built for continuous integration, not your local machine. In this section, we’ll show how CI scanning works and why it’s different. Instead of scanning your whole repo, it scans the set of commits that triggered your pipeline, whether that build came from a direct push or a pull request. That means you catch secrets at the exact moment they’re introduced, before they get merged or released.
View Video

Secret scanning with ggshield (repo, files, changes, commits, archives, Docker, and PyPI)

Dec 26, 2025 By GitGuardian In GitGuardian
Now we’re getting to the heart of ggshield: secret scanning. In this section, we jump into ggshield secret and its two subcommands, ignore and scan. Ignore makes a lot more sense once you’ve seen scan in action, so we start by learning what ggshield can scan and why it’s so flexible across the development lifecycle. We’ll open the help menu so you can see every scan target available: ggshield secret scan -h.
View Video
apono

Top 7 Secret Scanning Tools for 2026

Dec 24, 2025 By The Apono Team In Apono
Secrets run your applications: API keys, SSH keys, tokens, passwords, database credentials. They reside in repositories, CI/CD pipelines, infrastructure-as-code templates, containers, and even chat logs; one stray commit is enough to expose a path into production. In 2024, abuse of valid account credentials was the initial access vector in roughly 30% of incidents investigated.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.