secrets in source code Secrets in source code (episode 3/3): Building reliable secrets detection In our last two posts, we took a deep dive into how secrets sprawl and why secrets inside git are such a problem. Both of those articles brought up automated
secrets detection The threat of leaked secrets in git repositories - A discussion between security experts Secrets including API tokens, passwords and credentials are the keys to the kingdom. Yet storing secrets inside git including GitHub & GitLab is a problem. Security experts discuss why this is & how to solve this.
GitOps GitOps - an extension of DevOps for modern infrastructure management GitOps is an evolution of infrastructure as code, a framework that can drastically improve deployment speed and developer efficiency. Here we run through exactly what GitOps is and how to practically implement it.
secrets detection Building internal secrets detection solutions: a case study about how SAP scans git repos for secrets This article looks at how SAP built an internal secrets scanning solution to detect API keys and other credentials hardcoded in git repos and revoke them.
secrets in source code Secrets in source code (episode 2/3). Why secrets in git are such a problem Despite secrets like API keys, OAuth tokens, certificates and passwords being extremely sensitive, it is common for these to leak into git repositories through source code. This article looks at why this is true and how we can prevent it.
White Papers Mitigate Growing Application Security Risks with Automated Secrets Detection Credential theft is already a well-known adversary technique but the risk expands much wider when introducing secrets such as API keys. This article looks at automated secrets detection, the challenges, and potential solutions.
secrets in source code Secrets in source code (episode 1/3) - Secret sprawl and the attack surface The first in a series of articles that will take a deep dive into secrets within source code: In this article, we will look at the concept of secret sprawl, the unwanted distribution of secrets through multiple systems, and how we can prevent it.
DevSecOps Glossary A helpful glossary of common terms and definitions used in DevSecOps explained with amusing comics. We are constantly adding comics and terms so if you have an idea, please be
How to scan local files for secrets in python using the GitGuardian API How to scan local files for secrets like API keys and security certificates in python using the GitGuardian API.
cheat sheets Best practices for managing and storing secrets including API keys and other credentials [2020] Storing and managing secrets like API keys and other credentials can be challenging, even the most careful policies can sometimes be circumvented in exchange for convenience. We have compiled a
GitHub Security GitHub security: what does it take to protect your company from credentials leaking on GitHub? An in depth guide intended for CISOs, application security and other security professionals who want to protect their organizations from credentials leaked on GitHub.
Cyber Security Tools 8 free security tools every developer should know and use to Shift Left A list of 8 free must use security tools every developer should know about to help them secure their code and Shift Left.
secrets detection Assessing model performance in secrets detection: accuracy, precision & recall explained Why precision and recall are such important metrics to consider when evaluating the performance of classification algorithms such as secrets detection.
GitHub Security Git hooks - pre-commit, post-commit, post-receive and more. Automated secrets detection in your software development lifecycle Develop fast, and secure things! Git hooks are extremely useful in the journey to replace as much of the human factor in the process of secure development as possible. In
8 steps to keep remote development teams secure There is no doubt that the world's workforce is becoming more remote, particularly in tech as developers can now work from any location in the world. But there are a
Exposing secrets on GitHub: What to do after leaking credentials and API keys If you have discovered that you have just exposed a sensitive file or secrets to a public git repository, there are some very important steps to follow.
News Product launch: automated secrets detection for your internal repositories, now widely available! February 2020: despite being widely considered to be a very bad practice, secrets stored in internal Version Control Systems is the current state of the world. But why is that?
GitGuardian CEO Jérémy Thomas talks with FrenchWeb about recent capital raise and automating secrets detection for Threat Intelligence and Data Loss Prevention GitGuardian, the French company specialized in cybersecurity, raised 12 million dollars with Balderton Capital. The company’s CEO, Jérémy Thomas, is with FrenchWeb to tell us more.
Founders 18 months scanning GitHub for sensitive data November 2018: Here is what we've learned, achieved, and what's coming next.
![Best practices for managing and storing secrets including API keys and other credentials [2020]](/content/images/size/w600/2020/06/20W22-BLOG-Banner-BestPractices-Final@2x.png)
