Securing your machine identities means better secrets management
Machine identities make up the majority of the over 12.7 million secrets GitGuardian discovered in public in 2024. Let's look at how we got here and how we fix this.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Secrets Management
Lessons Learned About Secrets Protection After the Sisense Breach
Sisense is a popular monitoring tool that enables users to monitor business metrics from multiple third-party sources in a single dashboard. On April 10, the company informed customers that the sensitive information they entrusted with Sisense may have been compromised and urged them to reset their password and rotate their secrets. According to KrebsOnSecurity, the attackers were allegedly able to access GitLab repositories hosted by Sisense, where hard-coded secrets may have been found.
TruffleHog vs. Gitleaks: A Detailed Comparison of Secret Scanning Tools
TruffleHog and Gitleaks are popular secrets scanning tools that can automatically surface hardcoded secrets such as API keys, passwords, and tokens. They can both be integrated into the Software Development Lifecycle (SDLC) to proactively scan repositories to identify and rectify potential issues before they can be exploited. The need for effective secret detection tools underscores a broader shift toward more secure software development practices.
Why You Should Use Secrets in GitHub Actions
Watch the full video for more... ⚒️ About Snyk ⚒️ Snyk helps you find and fix vulnerabilities in your code, open-source dependencies, containers, infrastructure-as-code, software pipelines, IDEs, and more! Move fast, stay secure.
Zombie Leaks: Unrevoked Secrets Lurking on GitHub
Don't let zombies haunt your security posture.
A guide to developer secrets and shadow IT for security teams
This is the final post in a series about shadow IT. In this series, we’ve detailed how and why teams use unapproved apps and devices, and cybersecurity approaches for securely managing it. For a complete overview of the topics discussed in this series, download Managing the unmanageable: How shadow IT exists across every team – and how to wrangle it.
Managing Secrets Security at any Scale: introducing the GitGuardian Secrets Management Needs Quiz
Leverage our newest quiz to discover the most appropriate approach to managing secrets safely based on where your organization is today and how it will grow in the future.
Manage secrets with AWS Secrets Manager with Python - Tech Tip Tuesday
In this video, we show exactly how to use AWS Secrets Manager and how to connect it with your Python application. Secrets are hard to manage and while using methods like storing them as environment variables in a.env file can be suitable, a more secure method particularly in a team is to use a secrets manager so developers can avoid ever needing to handle the plain text secret. Subscribe to the channel to get more Tech Tips on Tuesdays (and also other days)
Detect secrets in Slack channels with GitGUardian
Good news! GitGuardian can now help you find and remediate secrets exposed in Slack channels. You already know us for accurately detecting secrets in your code base. And now, we have extended the real-time detection capability to cover the world's most popular communications platform. Add Slack to your GitGuardian monitored perimeter, and help keep secrets sprawl out of your team communications channels!
The State of Secrets Sprawl 2024
State of Secrets Sprawl Report Reveals 12.8M New Secrets Occurrences Detected in 2023; Up 28% From 2022. The study reveals a concerning trend: more than 90% of the secrets remain valid 5 days after being leaked.