GitGuardian Blog

Improving the Nation's Cybersecurity — Minimum Testing Standards for Software Vendors (part 2)

Continuing our coverage of the Executive Order on Cybersecurity, let's figure out what are the minimum testing standards for software vendors as depicted by the NIST.

Secrets detection

300. That's how many secrets detectors GitGuardian now runs.

GitGuardian now supports more than 300 secrets detectors, available in both products: GitGuardian for Public GitHub Monitoring and GitGuardian for Internal Repositories Monitoring.

Best practices

Hardening Your Kubernetes Cluster - Guidelines (Pt. 2)

In this second episode, we will go through the NSA/CISA security recommendations and explain every piece of the guidelines.

Best practices

Hardening Your Kubernetes Cluster - Threat Model (Pt. 1)

The NSA and CISA recently released a guide on Kubernetes hardening. We'll cover this guide in a three part series. First, let's explore the Threat Model and how it maps to K8s components.

Red Team Chronicles

Red Team Chronicles Episode 5 - Alert to Avoid Serious Compromise

For the last installment of our Red Team Chronicles, Philippe Caturegli explains the different phases of a compromise and what should be a priority for security teams.

Secrets detection

Why detecting generic credentials is a game changer

Discover what generic secrets detection is really about, why it's a critical component to build a performant secrets detection engine, and how GitGuardian is tackling this problem.

Customer Stories

How does Bokeh, the Python Interactive Visualization Library, Secure its Open-Source Repositories?

With 2.5 million monthly downloads, Bokeh has made a name for itself in the world of open-source interactive visualization libraries. Read on to learn how GitGuardian helps Bryan Van de Ven (co-creator and project lead) and contributors protect their repositories against secrets leaks.

Community news

Happy 20th Birthday, OWASP!🎂

We're happy to celebrate the 20th birthday of the Open Web Application Security Project, one of the major open-source resources helping developers better understand and practice web security.

Product News

You can’t remember if you revoked that secret? We’ll help you verify with Validity Checks.

Today, we’re introducing Validity Checks in GitGuardian for Internal Repositories Monitoring. For each incident, users will now be able to verify if the leaked credentials are still valid — bringing their attention to unresolved incidents.

Red Team Chronicles

Red Team Chronicles Episode 4 - No Hidden Information

In this episode, you’ll discover a perfect illustration of the security knowledge gap existing between organizations. Offensive security expert Philippe Caturegli comes across a way too common belief: “nobody will find my scripts or my data because they are very carefully hidden”.

Notes From The Field

What Developers Say About Us

With more than 110k GitHub users and 2.5M (!) repositories under our shield, GitGuardian is proud to help the developers’ community code safer. Here is what you’ve been telling us lately.

Product News

Introducing Presence Checks in GitGuardian for Internal Repositories Monitoring

Today, we’re introducing Presence Checks in GitGuardian for Internal Repositories Monitoring. For each incident in the dashboard, users will now be able to verify if the leaked secret is still present or if it was completely removed from the git history.

Best practices

Improving the Nation’s Cybersecurity — What is 'Critical Software' and how should it be secured? (part 1)

The National Institute of Standards and Technology (NIST) under Executive Order (EO) 14028 has launched an initiative to improve the United States Cybersecurity on May 12th, 2021.

Customer Stories

CISO Live - Danny from a Healthcare Tech Company

Danny and his team have been using both GitGuardian Internal Monitoring and GitGuardian Public Monitoring as a safety net. IT Central Station has interviewed him and wrote an objective and detailed review.

DevSecOps

Hunting for secrets in Docker Hub: what we’ve found

In this article, we will explain why Docker images can contain sensitive information and give some examples of the type of secrets we found in public Docker images. Finally, we will compare our results to the ones we have with source code scanning.

Conferences

Supply chain attacks and ransomware groups, the focus of Black Hat 2021 (conference recap)

One of the biggest security events of the year, Black Hat finished. This article looks at the key takeaways from Black Hat, the massive increase in Supply chain and ransomware attacks and what experts say can be the solution.

Tutorials

Shift your CI to GitHub Actions

Learn how to build a modern CI pipeline using GitHub Actions to achieve testing, building, and pushing Docker images. Harden your pipeline by scanning for leaked secrets and credentials with the help of GitGuardian's gg-shield action.

DevSecOps

Why SAST + DAST can't be enough

Static and dynamic app testing are cornerstones for any comprehensive AppSec program, yet they rarely rise up to the challenges of fully securing modern software. Discover why secrets are one of their critical blind spots.

Product News

GitGuardian Now Available on the GitHub Marketplace (and already the #1 ranking app in the Security Category)

Today, we're excited to launch GitGuardian on the GitHub Marketplace. With this integration, more developers will find it easier to connect GitGuardian to their GitHub accounts and monitor their repositories for hardcoded credentials.

DevSecOps

NIST's recommendations for secure DevSecOps

Get a taste of NIST's upcoming value propositions and steps to help companies produce secure software by our cybersecurity specialist Shimon Brathwaite.

Cheat sheets

How to improve your Docker containers security [cheat sheet included]

Containers are no security devices. That's why we've curated a set of easily actionable recommendations to improve your Docker containers security. Check out the one-page cheat sheet.

Guardians

Leading R&D in a tech company

Henri shared with us how, coming from a statistical background, he decided to join GitGuardian to build the best secrets detection engine.

DevSecOps

Credential Access - Breaking down the MITRE ATT&CK framework

This article discusses the 15 credential access techniques as outlined in the MITRE ATT&CK framework and provides examples of how attackers have used these techniques as well as preventative measures that can be put in place.

DevSecOps

How Adding Security into DevOps Accelerates the SDLC (Pt. 2)

Second part of our guided tour through the SDLC, focusing on the fundamental technology enabling DevOps: the CI pipeline. We will also touch on deployment orchestration, maintenance and incident response.

Red Team Chronicles

Red Team Chronicles Episode 3 - The illusion of the fortress

Building a fortress is a strategy from the past. Mobility, remote working, cloud and SaaS have made the delineation between internal and external networks almost impossible. This episode reviews how attackers use fortress against organizations.