Best practices How to safely open-source internal software - Some best practices João Guerreiro ECE Engineer from Instituto Superior Técnico, Lisbon. Focus on secure data migration using Trusted Execution Environments. Backend software engineer | GitGuardian | Internal Monitoring ProductThe decision to open-source a piece
Guardians Working as a backend developer at GitGuardian João is a data and software engineer who works as part of the internal monitoring product team at GitGuardian. João also leads GitGuardian’s API development and GitGuardian’s open-source
Breach explained Analyzing how hackers breached the Indian government - play by play The Indian government was breached in a significant attack launched by a white hat hacking group Sakura Samurai leading to a 34 page vulnerability report. Today we will analyze the attack play by play.
Product News GitGuardian Secrets Detection Q1 2021 Update Sometimes the GitGuardian secrets detection engine can seem like a mysterious black box, but in reality, it is a huge collection of independent detectors that are being constantly maintained by
Secrets detection Implementing a detector at GitGuardian : a use case with MongoDB credentials Pierre Lalanne ISAE-Supaéro aeronautics engineering graduate specializing in data science Data Scientist | GitGuardian | Team SecretsIn previous blog posts we saw the subtleties of recall and precision when detecting secrets in
Guardians Working in data science at GitGuardian GitGuardian has always been a developer-first company since its conception. Today GitGuardian has a large team of engineers with a wide range of skills and stories. This article is about one developer at GitGuardian and why he wanted to work on solving the issue of Secrets Sprawl.
Best practices File types that most commonly contain sensitive information As outlined in the State of Secrets Sprawl report, 5 million credentials and other secrets get leaked on Github every year. This is an in-depth look into what file extensions most commonly contain secrets.
Product News Native Bitbucket Integration with GitGuardian Since the conception of GitGuardian, we have been working to help developers keep source code secure. This started with scanning public repositories on GitHub and our offering has been growing
Secrets detection State of Secrets Sprawl on GitHub - 2021 GitGuardian has been scanning every single public commit made on GitHub for secrets since 2017, now we are releasing our findings in the most comprehensive study on secrets sprawl ever conducted.
Company News BFM Business interview with GitGuardian founder Jeremy Thomas GitGuardian CEO Jeremy Thomas, recently had the privilege of being interviewed by BFM Business on national French television about winning the FIC start-up of the year award and the exciting road that is ahead for GitGuardian.
Company News GitGuardian receives FIC cybersecurity start-up of the year award GitGuardian is proud to be the 2021 winner of the FIC (International Cybersecurity Forum) Cybersecurity Start-up of the Year Award.
Breach explained Reviewing the 2021 United Nations data breach The ethical hacking group Sakura Samurai recently gained access to private United Nations (UN) employee data and systems in a significant data breach.
Customer Stories CISO live - Anne Hardy from Talend Talend is a global leader in data integration and data integrity solutions and a pioneer in the open source world. Talend was the first company to market open source data
Cheat sheets Rewriting your git history, removing files permanently - cheatsheet & guide You know that adding secrets to your git repository (even a private one) is a bad idea, because doing so risks exposing confidential information to the world. But mistakes were
Secrets detection Building reliable secrets detection - Secrets in source code (episode 3/3) In our last two posts, we took a deep dive into how secrets sprawl and why secrets inside git are such a problem. Both of those articles brought up automated
Secrets detection The threat of leaked secrets in git repositories - A discussion between security experts Secrets including API tokens, passwords and credentials are the keys to the kingdom. Yet storing secrets inside git including GitHub & GitLab is a problem. Security experts discuss why this is & how to solve this.
DevSecOps GitOps - an extension of DevOps for modern infrastructure management GitOps is an evolution of infrastructure as code, a framework that can drastically improve deployment speed and developer efficiency. Here we run through exactly what GitOps is and how to practically implement it.
Secrets detection Building internal secrets detection solutions: a case study about how SAP scans git repos for secrets This article looks at how SAP built an internal secrets scanning solution to detect API keys and other credentials hardcoded in git repos and revoke them.
Secrets detection Why secrets in git are such a problem - Secrets in source code (episode 2/3) Despite secrets like API keys, OAuth tokens, certificates and passwords being extremely sensitive, it is common for these to leak into git repositories through source code. This article looks at why this is true and how we can prevent it.
Secrets detection Mitigate Growing Application Security Risks with Automated Secrets Detection Credential theft is already a well-known adversary technique but the risk expands much wider when introducing secrets such as API keys. This article looks at automated secrets detection, the challenges, and potential solutions.
Secrets detection Secret sprawl and the attack surface - Secrets in source code (episode 1/3) The first in a series of articles that will take a deep dive into secrets within source code: In this article, we will look at the concept of secret sprawl, the unwanted distribution of secrets through multiple systems, and how we can prevent it.
DevSecOps DevSecOps Glossary A helpful glossary of common terms and definitions used in DevSecOps explained with amusing comics. We are constantly adding comics and terms so if you have an idea, please be
Best practices How to scan local files for secrets in python using the GitGuardian API How to scan local files for secrets like API keys and security certificates in python using the GitGuardian API.
Cheat sheets Best practices for managing and storing secrets including API keys and other credentials [2020] Storing and managing secrets like API keys and other credentials can be challenging, even the most careful policies can sometimes be circumvented in exchange for convenience. We have compiled a
Secrets detection GitHub security: what does it take to protect your company from credentials leaking on GitHub? An in depth guide intended for CISOs, application security and other security professionals who want to protect their organizations from credentials leaked on GitHub.
![Best practices for managing and storing secrets including API keys and other credentials [2020]](/content/images/size/w600/2020/06/20W22-BLOG-Banner-BestPractices-Final@2x.png)
