Cheat sheets How to improve your Docker containers security [cheat sheet included] Containers are no security devices. That's why we've curated a set of easily actionable recommendations to improve your Docker containers security. Check out the one-page cheat sheet.
Guardians Leading R&D in a tech company Henri shared with us how, coming from a statistical background, he decided to join GitGuardian to build the best secrets detection engine.
DevSecOps Credential Access - Breaking down the MITRE ATT&CK framework This article discusses the 15 credential access techniques as outlined in the MITRE ATT&CK framework and provides examples of how attackers have used these techniques as well as preventative measures that can be put in place.
DevSecOps How Adding Security into DevOps Accelerates the SDLC (Pt. 2) Second part of our guided tour through the SDLC, focusing on the fundamental technology enabling DevOps: the CI pipeline. We will also touch on deployment orchestration, maintenance and incident response.
Red Team Chronicles Red Team Chronicles Episode 3 - The illusion of the fortress Building a fortress is a strategy from the past. Mobility, remote working, cloud and SaaS have made the delineation between internal and external networks almost impossible. This episode reviews how attackers use fortress against organizations.
DevSecOps How Adding Security into DevOps Accelerates the SDLC (Pt. 1) Part one of a deep dive into SDLC and how it evolved to become what we call DevOps. Let's find out how adding security actually accelerates it.
Tutorials Setting up a pre-commit git hook with GitGuardian Shield In this tutorial we are going to run through how to create a pre-commit git hook using GitGuardian Shield to detect secrets before they enter your repository.
Best practices Security in Infrastructure as Code with Terraform — Everything You Need to Know With DevOps, we try to manage our infrastructure using pure code. Since all our infrastructure is managed by code, the security of the code that actually manages the infrastructure is crucial. This article looks at how we can keep our infrastructure as code secure.
Red Team Chronicles Red Team Chronicles Episode 2 - There is no such thing as a “miracle solution” In episode 2 of the Red Team Chronicles, we talk with Philippe about the one size fits all security claims some vendors make and how hackers use this to get into systems undetected.
Breach explained Codecov supply chain breach - explained step by step Codecov recently had a significant breach as attackers were able to put a backdoor into Codecov to get access to customers' sensitive data. This article reviews exactly what happened, how attackers gained access, how they used sensitive information and of course, what to do if you were affected.
Red Team Chronicles Episode 1 - Meet Philippe - Our Red Team Chronicles expert The Red Team Chronicles follows pentester and entrepreneur Philippe as we look into his hacking playbook. In episode one, we look at how Philippe started his journey to become a pentester.
Customer Stories CISO Live - Yury Koldobanov from Mirantis Mirantis helps organizations ship code faster on public and private clouds. Director of IT Yury Koldobanov at Mirantis explains how GitGuardian has helps them keep their code secure.
DevSecOps Initial Access Techniques - MITRE ATT&CK This article discusses the 9 initial access techniques as outlined in the MITRE ATT&CK framework and provides examples of how attackers have used these techniques as well as preventative measures that can be put in place.
Guardians The journey to becoming a backend engineer at GitGuardian Samuel is a backend engineer working on expanding PII detection within GitGuardian's secrets team. Samuel studied software engineering at EISTI in Paris specializing in cybersecurity and shared with us the journey he took to work at GitGuardian.
Best practices Data Security — an Introduction to AWS KMS and HashiCorp Vault While Vault and KMS share some similarities, for example, they both support encryption, but in general, KMS is more on the app data encryption / infra encryption side, and Vault is more on the secrets management / identity-based access side.
Conferences Highlights from the 2021 RSA conference - The modern day bank heists The modern day bank heists illustrates high-level concepts around security and promotes a change in how we think about security, build defense systems and react to active threats.
Conferences Highlights from the 2021 RSA conference - Attack and defend a unique approach to exploiting credentials Presentation of the talk at the RSA conference by Johannes Ullrich and Jason Lam: Attack & Defend: Protecting Modern Distributed Applications and Components.
Product News Making developers part of security with GitGuardian’s new Dev in the loop feature GitGuardians “Dev in the loop” is another step towards bringing this into reality with a practical feature that improves the workflow of remediating a secret incident between developers and security teams.
DevSecOps An Introduction to DevSecOps - Tackling Security with DevOps & Why It Accelerates Your SDLC This article introduces DevSecOps, making security part of the entire software development process. It outlines why having a DevSecops approach not only makes the software more secure but also why it can speed up the development process.
DevSecOps Shift Left - Moving security to the development phase - the case of secrets detection in code repositories With the expansion of the DevOps and DevSecOps models, the concept of “shift left” in the context of the development lifecycle has become quite popular. This article looks at practical ways organizations implement a Shift Left approach to development.
DevSecOps A Comprehensive Application Security Program - What it should include Application security, known as AppSec, has become an extremely important part of the security program. This article looks at what makes a mature and comprehensive AppSec program.
Product News GitGuardian Internal Monitoring - New and improved integrations with your favorite CI/CD and SIEM tools GitGuardian is releasing exciting new integrations for your favourite CI/CD and SIEM tools to help integrate GitGuardian into your SDLC seamlessly.
Guardians GitGuardian onboarding experience. Feedback from an Account Executive! To give you some insights on how onboarding is done at GitGuardian we have asked one of our Account Executive, Alexis, to share his experience.
Best practices How to safely open-source internal software - Some best practices On this post we’ll be focusing on a few essentials that should be done before making your project open-source.
Guardians Working as a backend developer at GitGuardian João is a data and software engineer who works as part of the internal monitoring product team at GitGuardian. João also leads GitGuardian’s API development and GitGuardian’s open-source tools.
![How to improve your Docker containers security [cheat sheet included]](/content/images/size/w600/2021/07/21W30-Blog-Docker-Security-Cheatsheet-Final.jpg)
