As Senior SRE, Jon-Erik was aware that many secrets could be hidden in the repositories he supervises, and new ones leaked every day. He told Peerspot how and why he chose GitGuardian and the improvements his team received.
Learn more about the DMCA law and how it applies to digital artifacts like source code.
In this post, we are going to break down the SDLC and look at how we can add security at each stage with helpful resources.
With more than 170k GitHub users and 4.3M (!) repositories under our shield, GitGuardian is proud to help the developers’ community code safer. Here is what you’ve been telling us lately.
![GitHub Actions Security Best Practices [cheat sheet included]](/content/images/size/w600/2022/05/22W18-blog-GitHubActionsSecurityCheatSheet.png)
GitHub Actions is an increasingly popular CI/CD platform. They offer powerful and easy-to-access features to build automation right into any GitHub repository. However, they also require special attention to avoid any compromise. Here are the best practices to secure them.
GitGuardian is moving! We are happy to share with you some pictures of our great new offices in Paris city center.
GitGuardian is now a verified CircleCI technological partner. Use the ggshield orb to run automated secrets detection and remediation in your CircleCI workflows.
Keep secrets out of your source code. GitGuardian's automated secrets detection now supports Stripe webhook signing secrets.
In this tutorial, we will show how to integrate GitGuardian Shield to run on one of the most famous CI tools: Jenkins (with a cool bonus!).
Attackers have used stolen OAuth tokens issued to Travis CI and Heroku to gain access to private git repositories on GitHub. Here we take a look at exactly what happened, why it's significant, and how to mitigate the issue.
Edouard, GitGuardian's VP Product, is a seasoned cybersecurity specialist who joined GitGuardian to push our DevSecOps solutions to new heights. Find out more about his background and what excited him to become a Guardian.
This article aims at providing application security teams with a guide to effectively prioritize, investigate and remediate hardcoded secrets incidents at scale.
![Compromising CI/CD Pipelines with Leaked Credentials [Security Zines]](/content/images/size/w600/2022/04/22W15-blog-SecurityZines-Compromising_CICD_pipelinesnal.jpg)
He struck again! New Security Zine, this time focusing on how leaked Jenkins credentials can lead to a complete supply chain takeover...
This "best practices" article aims to tell you something you haven't read a hundred times. This article won't give you the answer to everything because there isn't one right answer that fits all. It aims to make you think about your unique situation and make the best decisions in accordance.
This tutorial will guide you through the setup of a GitHub Action generating a Seccomp filter for your application, a cutting-edge security feature for hardening containerized workloads.
Keep secrets out of your source code. GitGuardian's automated secrets detection supports Redis database credentials.
In their latest whitepaper, GitGuardian examines why implementing DevSecOps at scale to protect the modern software factory means evolving traditional AppSec. Read more to learn how the shared responsibility model adoption will unlock security in an agile world.
Lapsus$ has continued its prolific pace of breaches now leaking internal source code from 250 Microsoft projects. GitGuardian analyzed the code looking for secrets sprawl.
![Secrets in Git Repos [Security Zines]](/content/images/size/w600/2022/03/22W10-blog-securityzines-1-1.jpg)
Security Zines is a comic strip focused on raising awareness around code security topics. This first installment takes a look at the problem of storing secrets in Git repositories, and why it's such a bad idea...
In this article we present a novel way to protect your container applications post-exploitation. This additional protection is called Seccomp-BPF.
Nearly 200GB of source code from Samsung and the source code from Nvidia's latest DLSS technology has been published online by The Lapsus$ hacking group. Internal source code being leaked online by adversaries is happening with alarming regularity in recent years. Only a few
In its 2022 report, GitGuardian extends its previous edition focused on public GitHub by depicting a realistic view of the state of secrets sprawl in corporate codebases.
Every year, the French government and the government-backed initiative La French Tech shares two startup rankings — the Next40 and the French Tech 120. The startups on these lists are the 40 and 120 top-performing French startups.
Keep secrets out of your source code. GitGuardian's automated secrets detection supports PlanetScale database passwords and tokens.
Don, security engineer, considers secrets in source as his n°1 priority. After using GitGuardian for 2 years, read his opinions on the product features.
GitGuardian is the code security platform for
the DevOps generation.
With automated secrets detection and
remediation, our platform enables Dev, Sec, and Ops to advance together
towards the Secure Software Development Lifecycle.
