Security Chats - Jon-Erik Schneiderhan, Senior SRE at a tech company

As Senior SRE, Jon-Erik was aware that many secrets could be hidden in the repositories he supervises, and new ones leaked every day. He told Peerspot how and why he chose GitGuardian and the improvements his team received.

A Brief History of the DMCA

Learn more about the DMCA law and how it applies to digital artifacts like source code.

Securing your SDLC (Software Development Life Cycle)

In this post, we are going to break down the SDLC and look at how we can add security at each stage with helpful resources.

Security Chats - What Developers Say About Us

With more than 170k GitHub users and 4.3M (!) repositories under our shield, GitGuardian is proud to help the developers’ community code safer. Here is what you’ve been telling us lately.

GitHub Actions Security Best Practices [cheat sheet included]

GitHub Actions is an increasingly popular CI/CD platform. It offers powerful and easy-to-access features to build automation right into any GitHub repository. However, it also requires special attention to avoid any compromise. Here are the best practices to secure it.

GitGuardian’s New Nest

GitGuardian is moving! We are happy to share with you some pictures of our great new offices in Paris city center.

Automate security testing in your CI pipelines with GitGuardian and CircleCI

GitGuardian is now a verified CircleCI technological partner. Use the ggshield orb to run automated secrets detection and remediation in your CircleCI workflows.

Detector of The Month – Stripe webhook secret, April 2022

Keep secrets out of your source code. GitGuardian's automated secrets detection now supports Stripe webhook signing secrets.

How To Setup Your Jenkins Pipeline with GitGuardian in Kubernetes

In this tutorial, we will show how to integrate GitGuardian Shield to run on one of the most famous CI tools: Jenkins (with a cool bonus!).

How Hackers Used Stolen GitHub Tokens to Access Private Source Code

Attackers have used stolen OAuth tokens issued to Travis CI and Heroku to gain access to private git repositories on GitHub. Here we take a look at exactly what happened, why it's significant, and how to mitigate the issue.

Carrying Ambition Through Passion

Edouard, GitGuardian's VP Product, is a seasoned cybersecurity specialist who joined GitGuardian to push our DevSecOps solutions to new heights. Find out more about his background and what excited him to become a Guardian.

Investigating, prioritizing, and remediating thousands of hardcoded secrets incidents

This article aims at providing application security teams with a guide to effectively prioritize, investigate and remediate hardcoded secrets incidents at scale.

Compromising CI/CD Pipelines with Leaked Credentials [Security Zines]

He struck again! New Security Zine, this time focusing on how leaked Jenkins credentials can lead to a complete supply chain takeover...

9 Extraordinary Terraform Best Practices That Will Change Your Infra World

This "best practices" article aims to tell you something you haven't read a hundred times. It won't give you the answer to everything, because there isn't one right answer that fits all. It aims to make you think about your unique situation and make the best decisions accordingly.

Securing Containers with Seccomp: Part 2

This tutorial will guide you through the setup of a GitHub Action generating a Seccomp filter for your application, a cutting-edge security feature for hardening containerized workloads.

Detector of The Month – Redis, March 2022

Keep secrets out of your source code. GitGuardian's automated secrets detection supports Redis database credentials.

DevSecOps and the AppSec Shared Responsibility Model

In their latest whitepaper, GitGuardian examines why implementing DevSecOps at scale to protect the modern software factory means evolving traditional AppSec. Read more to learn how the shared responsibility model adoption will unlock security in an agile world.

Latest from Lapsus$, Reviewing the Microsoft Breach

Lapsus$ has continued its prolific pace of breaches, now leaking internal source code from 250 Microsoft projects. GitGuardian analyzed the code looking for secrets sprawl.

Secrets in Git Repos [Security Zines]

Security Zines is a comic strip focused on raising awareness around code security topics. This first installment takes a look at the problem of storing secrets in Git repositories, and why it's such a bad idea...

Securing Containers with Seccomp: Part 1

In this article we present a novel way to protect your container applications post-exploitation. This additional protection is called Seccomp-BPF.

Samsung and Nvidia are the latest companies to involuntarily go open-source leaking company secrets

Nearly 200GB of source code from Samsung and the source code from Nvidia's latest DLSS technology have been published online by the Lapsus$ hacking group. Internal source code being leaked online by adversaries is happening with alarming regularity in recent years. Only a few

The State of Secrets Sprawl 2022

In its 2022 report, GitGuardian extends its previous edition focused on public GitHub by depicting a realistic view of the state of secrets sprawl in corporate codebases.

GitGuardian enters the FT120!

Every year, the French government and the government-backed initiative La French Tech share two startup rankings: the Next40 and the French Tech 120. The startups on these lists are the 40 and 120 top-performing French startups.

Detector of The Month – PlanetScale, February 2022

Keep secrets out of your source code. GitGuardian's automated secrets detection supports PlanetScale database passwords and tokens.

Security Chats - Don Magee, Security Engineer at a tech services company

Don, a security engineer, considers secrets in source his n°1 priority. He has used GitGuardian for 2 years; read his opinions on the product features.
