The Trivy story is moving quickly, and the latest reporting makes one thing clear: this is no longer just a GitHub Actions tag hijack. What started as a compromise of trivy-action, setup-trivy, and the v0.69.4 release has expanded into malicious Docker Hub images.
The Trivy story is moving quickly, and the latest reporting makes one thing clear: this is no longer just a GitHub Actions tag hijack. What started as a compromise of trivy-action, setup-trivy, and the v0.69.4 release has expanded into malicious Docker Hub images.
Plaintext secrets on developer machines create real supply chain risk. Honeytokens provide early detection while stronger identity-based controls are rolled out.
From golden images to agent governance, Chainguard Assemble 2026 focused on how teams can reduce risk by embedding trust, compliance, and security into delivery systems.
GitGuardian’s 5th State of Secrets Sprawl report is here. In this blog, we unpack the key findings behind the 2026 edition, from AI-driven leak growth to the remediation gaps security teams can’t ignore.
When an NHI is compromised, who do you call? GitGuardian NHI ownership eliminates the guessing game with automatic accountability.
Read the takeaways from ConFoo 2026, including putting guardrails where requests happen, auditing tool calls, treat dependency updates like production access.
GitGuardian partnered with Google to answer: what happens when private keys leak? Using Certificate Transparency, we mapped about 1M leaked keys to 140k certificates. Result: 2,622 were valid as of September 2025, exposing major organizations. Our disclosure campaign achieved 97% remediation.
Secrets don’t just leak from Git. They accumulate in filesystems, env vars, and agent memory. See how to find them, stop the bleed, and protect your whole supply chain
Anthropic's Claude Code Security launch sent shockwaves through cybersecurity markets. As GitGuardian's CEO, here's why I believe the real battle has shifted from code vulnerabilities to identity and secrets management in the AI era.
In this article, we will explore the hot topic of securing AI-generated code and demonstrate a technical approach to shifting security left for cloud AI agents by using Model Context Protocol (MCP) tools.
Vault sprawl means duplicated secrets, fragmented access, and unclear ownership. Learn how GitGuardian's NHI Governance restores control across the enterprise.
Let's take a closer look at the fragmented NHI inventory from a site reliability engineer's perspective.
GitGuardian is the code security platform for
the DevOps generation.
With automated secrets detection and
remediation, our platform enables Dev, Sec, and Ops to advance together
towards the Secure Software Development Lifecycle.
Subscribe to our newsletter to receive the latest content and updates from GitGuardian.
