GitGuardian Blog

Red Team Chronicles Episode 4 - No Hidden Information

In this episode, you’ll discover a perfect illustration of the security knowledge gap existing between organizations. Offensive security expert Philippe Caturegli comes across a way too common belief: “nobody will find my scripts or my data because they are very carefully hidden”.

Notes From The Field

What Developers Say About Us

With more than 110k GitHub users and 2.5M (!) repositories under our shield, GitGuardian is proud to help the developers’ community code safer. Here is what you’ve been telling us lately.

Product News

Introducing Presence and Validity Checks in GitGuardian for Internal Repositories Monitoring

Today, we’re introducing Presence Checks in GitGuardian for Internal Repositories Monitoring. For each incident in the dashboard, users will now be able to verify if the leaked secret is still present or if it was completely removed from the git history.

Best practices

Improving the Nation’s Cybersecurity — What is 'Critical Software' and how should it be secured?

The National Institute of Standards and Technology (NIST) under Executive Order (EO) 14028 has launched an initiative to improve the United States Cybersecurity on May 12th, 2021.

Customer Stories

CISO Live - Danny from a Healthcare Tech Company

Danny and his team have been using both GitGuardian Internal Monitoring and GitGuardian Public Monitoring as a safety net. IT Central Station has interviewed him and wrote an objective and detailed review.

DevSecOps

Hunting for secrets in Docker Hub: what we’ve found

In this article, we will explain why Docker images can contain sensitive information and give some examples of the type of secrets we found in public Docker images. Finally, we will compare our results to the ones we have with source code scanning.

Conferences

Supply chain attacks and ransomware groups, the focus of Black Hat 2021 (conference recap)

One of the biggest security events of the year, Black Hat finished. This article looks at the key takeaways from Black Hat, the massive increase in Supply chain and ransomware attacks and what experts say can be the solution.

Tutorials

Shift your CI to GitHub Actions

Learn how to build a modern CI pipeline using GitHub Actions to achieve testing, building, and pushing Docker images. Harden your pipeline by scanning for leaked secrets and credentials with the help of GitGuardian's gg-shield action.

DevSecOps

Why SAST + DAST can't be enough

Static and dynamic app testing are cornerstones for any comprehensive AppSec program, yet they rarely rise up to the challenges of fully securing modern software. Discover why secrets are one of their critical blind spots.

Product News

GitGuardian Now Available on the GitHub Marketplace (and already the #1 ranking app in the Security Category)

Today, we're excited to launch GitGuardian on the GitHub Marketplace. With this integration, more developers will find it easier to connect GitGuardian to their GitHub accounts and monitor their repositories for hardcoded credentials.

DevSecOps

NIST's recommendations for secure DevSecOps

Get a taste of NIST's upcoming value propositions and steps to help companies produce secure software by our cybersecurity specialist Shimon Brathwaite.

Cheat sheets

How to improve your Docker containers security [cheat sheet included]

Containers are no security devices. That's why we've curated a set of easily actionable recommendations to improve your Docker containers security. Check out the one-page cheat sheet.

Guardians

Leading R&D in a tech company

Henri shared with us how, coming from a statistical background, he decided to join GitGuardian to build the best secrets detection engine.

DevSecOps

Credential Access - Breaking down the MITRE ATT&CK framework

This article discusses the 15 credential access techniques as outlined in the MITRE ATT&CK framework and provides examples of how attackers have used these techniques as well as preventative measures that can be put in place.

DevSecOps

How Adding Security into DevOps Accelerates the SDLC (Pt. 2)

Second part of our guided tour through the SDLC, focusing on the fundamental technology enabling DevOps: the CI pipeline. We will also touch on deployment orchestration, maintenance and incident response.

Red Team Chronicles

Red Team Chronicles Episode 3 - The illusion of the fortress

Building a fortress is a strategy from the past. Mobility, remote working, cloud and SaaS have made the delineation between internal and external networks almost impossible. This episode reviews how attackers use fortress against organizations.

DevSecOps

How Adding Security into DevOps Accelerates the SDLC (Pt. 1)

Part one of a deep dive into SDLC and how it evolved to become what we call DevOps. Let's find out how adding security actually accelerates it.

Tutorials

Setting up a pre-commit git hook with GitGuardian Shield

In this tutorial we are going to run through how to create a pre-commit git hook using GitGuardian Shield to detect secrets before they enter your repository.

Best practices

Security in Infrastructure as Code with Terraform — Everything You Need to Know

With DevOps, we try to manage our infrastructure using pure code. Since all our infrastructure is managed by code, the security of the code that actually manages the infrastructure is crucial. This article looks at how we can keep our infrastructure as code secure.

Red Team Chronicles

Red Team Chronicles Episode 2 - There is no such thing as a “miracle solution”

In episode 2 of the Red Team Chronicles, we talk with Philippe about the one size fits all security claims some vendors make and how hackers use this to get into systems undetected.

Breach explained

Codecov supply chain breach - explained step by step

Codecov recently had a significant breach as attackers were able to put a backdoor into Codecov to get access to customers' sensitive data. This article reviews exactly what happened, how attackers gained access, how they used sensitive information and of course, what to do if you were affected.

Red Team Chronicles

Red Team Chronicles Episode 1 - Meet Philippe our offensive security expert

The Red Team Chronicles follows pentester and entrepreneur Philippe as we look into his hacking playbook. In episode one, we look at how Philippe started his journey to become a pentester.

Customer Stories

CISO Live - Yury Koldobanov from Mirantis

Mirantis helps organizations ship code faster on public and private clouds. Director of IT Yury Koldobanov at Mirantis explains how GitGuardian helps them keep their code secure.

DevSecOps

Initial Access Techniques - MITRE ATT&CK

This article discusses the 9 initial access techniques as outlined in the MITRE ATT&CK framework and provides examples of how attackers have used these techniques as well as preventative measures that can be put in place.

Guardians

The journey to becoming a backend engineer at GitGuardian

Samuel is a backend engineer working on expanding PII detection within GitGuardian's secrets team. Samuel studied software engineering at EISTI in Paris specializing in cybersecurity and shared with us the journey he took to work at GitGuardian.