all tags
Lessons from Lapsus - CISO on Building a comprehensive secrets management program

Lessons from Lapsus - CISO on Building a comprehensive secrets management program

Following a breach by the Lapsus$ cyber gang, Jason Haddix, then CISO of UbiSoft called over 40 other CISOs to discuss strategies on how to be more resilient to attacks. Those conversations led him to create a 4 step guide to building a comprehensive secrets management program.

Platform Engineering and Security: A Very Short Introduction

Platform Engineering and Security: A Very Short Introduction

Is DevOps really dead? Learn about the rise of platform engineering and how it differs from DevOps in terms of self-service capabilities and automation. Discover how security fits into this new paradigm and the benefits of platform engineering for software development teams of various sizes.

We’re Teaming Up With Snyk to Strengthen Developer Security!

We’re Teaming Up With Snyk to Strengthen Developer Security!

The new partnership enables Snyk and GitGuardian to build, integrate and go to market together to help development and security teams scale their security programs and significantly reduce their applications' attack surface at every stage of the code-to-cloud lifecycle.

How to Handle Secrets in Terraform

How to Handle Secrets in Terraform

DevOps engineers must handle secrets with care. In this series, we summarize best practices for leveraging secrets with your everyday tools.

Quality Assurance Engineering at GitGuardian

Quality Assurance Engineering at GitGuardian

Learn about the day-to-day life of a QA engineer and the different techniques and processes used by the QA engineering team at GitGuardian to ensure high-quality products.

How We Built a Supply Chain Security Watchtower: Meet SaaS-Sentinel

How We Built a Supply Chain Security Watchtower: Meet SaaS-Sentinel

SaaS-Sentinel is a free monitoring platform that notifies users when their favorite tool might be under attack, helping them stay on top of supply chain risks. Here is the full story of this innovative project that seeks to democratize the use of honeytokens. Join the adventure today!

How to Handle Secrets in Kubernetes

How to Handle Secrets in Kubernetes

This blog post covers creating, storing, and using secrets in Kubernetes, encryption, RBAC, and auditing. It introduces Kubernetes External Secrets and best practices to enhance security. Let's dive in!

Supply Chain Security: Secrets and Modern Security Frameworks (Part III)

Supply Chain Security: Secrets and Modern Security Frameworks (Part III)

In this final part, we'll discuss more software supply chain security frameworks and the critical role of secrets detection in them. We'll explore the NIST SSDF, SLSA, and OSC&R frameworks and how they cover the topic of secrets in software supply chain security.

Best Practices for Securing Infrastructure as Code (IaC) in the DevOps SDLC [cheat sheet included]

Best Practices for Securing Infrastructure as Code (IaC) in the DevOps SDLC [cheat sheet included]

Discover the best practices and tools to secure your infrastructure as code (IaC) throughout the DevOps software development lifecycle. From threat modeling to monitoring, this comprehensive guide offers valuable insights to improve the security, reliability, and consistency of your IaC.

GitHub Actions Security Best Practices [cheat sheet included]

GitHub Actions Security Best Practices [cheat sheet included]

Learn how to secure your GitHub Actions with these best practices! From controlling credentials to using specific action version tags, this cheat sheet will help you protect against supply-chain attacks. Don't let a malicious actor inject code into your repository - read now!

Launching GitGuardian Honeytoken: your powerful ally in detecting supply chain breaches!

Launching GitGuardian Honeytoken: your powerful ally in detecting supply chain breaches!

What if you could detect intrusions and code leaks in your software supply chain? Introducing GitGuardian Honeytoken, the solution that protects your software supply chain against potential intrusions on SCM systems, CI/CD pipelines, software artifact registries, and more.

GitGuardian Secrets Detectors Q1 2023 Wrap-Up

GitGuardian Secrets Detectors Q1 2023 Wrap-Up

GitGuardian's Q1 wrap-up highlights our progress in detecting secrets, introducing new secret detectors, and committing to code security. With six new detectors released in Q1, GitGuardian remains the go-to solution for developers looking to write more secure code.

Cyphercon 6

Cyphercon 6

Nearly 1500 cybersecurity professionals gathered in Milwaukee for Cpyphercon 6. Read the highlights from the largest hacker event in Wisconsin

arrow-down