GitGuardian Blog

Data Breach: a 5 Steps Response Plan

A data breach is one of the worst scenarios in today’s enterprise security. What’s your plan to remediate this kind of situation, minimize the impact, and ensure business continuity? Although there is no such thing as a one-size-fits-all tactic, the following steps are crucial to a positive outcome.

DevSecOps

Infrastructure as Code - Everything You Need to Know

8 min read
Hunting for secrets in Docker Hub: what we’ve found

6 min read
Why SAST + DAST can't be enough

6 min read

Best practices

Data Breach: a 5 Steps Response Plan

6 min read
CI Pipelines: 5 Risks to Assess

6 min read
10 Rules for Better Cloud Security

5 min read

Secrets detection

Detector of The Month – Okta, December 2021

3 min read
Should we target zero false positives?

5 min read
Secrets Detection - Optimizing filter processes

6 min read

Cheat sheets

8 Easy Steps to Set Up Multiple Git Accounts [cheat sheet included]

6 min read
Docker Security Best Practices & Cheat Sheet

7 min read
Rewriting your git history, removing files permanently [cheat sheet included]

10 min read

Customer Stories

Security Chats - Blake, DevSecOps Engineer at a large computer software company

Blake and his team use GitGuardian Internal Monitoring to keep secrets out of their source code. He explained to PeerSpot the benefits he and his organization have seen in adopting this product.

DevSecOps

Infrastructure as Code - Everything You Need to Know

Infrastructure as Code is slowly but surely becoming norm for organizations that seek automation and faster delivery. Learn the big concepts powering it in this article.

CISO Roadmap

AppSec 2022 Resolutions: find inspiration in this report from Gartner on mitigating software supply chain security threats

The software supply chain is under growing threatThere was no shortage of software supply chain security attacks this year. High-profile attacks such as the Codecov breach (read our play-by-play here)

Customer Stories

Security Chats - Andy, Senior Security Engineer at an insurance company

Andy, Senior Security Engineer at an insurance company has been interviewed by PeerSpot on his usage of GitGuardian Internal Monitoring. They needed a detection tool that would work across all languages and help them identify problem areas.

Best practices

CI Pipelines: 5 Risks to Assess

More and more parts of the software development process can occur without human intervention. However, this is not without its drawbacks. To keep your code and secrets safe, you should add the following security practices to your CI pipeline.

Tutorials

Kubernetes Hardening Tutorial Part 2: Network

How to achieve Control Plane security, true resource separation with network policies, and use Kubernetes Secrets more securely.

Customer Stories

Security Chats - Igor, Director of Development at a large computer software company

Igor Klyashchitskiy, Director of Development and his team have been using GitGuardian tools for 3 years to minimize the possibility of security violations that they could not find without automated secret detection. PeerSpot has interviewed him and written an objective and detailed review.

Secrets detection

Detector of The Month – Okta, December 2021

Keep secrets out of your source code. GitGuardian's automated secrets detection supports Okta API tokens and client secrets.

Breach explained

Source Code as a Vulnerability - A Deep Dive into the Real Security Threats From the Twitch Leak

While most of the attention has been on streamers’ revenues, our 6000 Git repositories study shows a much more serious problem that extends far beyond just this single breach.

Guardians

From securing the battlespace to securing the codebase

This month we are pleased to welcome Daniel, an Account Executive with a passion for everything security.

Secrets detection

Should we target zero false positives?

While scanning millions of documents for secrets, should we really aim at reaching absolute zero or is the story not so simple?

Tutorials

Kubernetes Hardening Tutorial Part 1: Pods

Get a deeper understanding of Kubernetes Pods security with this first tutorial.

Company News

Announcing our $44M fundraise to further enable the AppSec Shared Responsibility Model

Today, on behalf of the entire GitGuardian’s team, I am thrilled to share the news that GitGuardian has raised a $44M Series B led by Eurazeo and Sapphire with participation from existing investors Balderton, Fly Ventures, and BPI. This brings our total investment to date to $56M!

Best practices

10 Rules for Better Cloud Security

Cloud security is a shared responsibility and a big challenge. Here are the basic rules to have in mind to set up efficient guardrails.

Secrets detection

Secrets Detection - Optimizing filter processes

From benchmark analysis, here are our key takeaways on building efficient real-time data filtering pipelines.

Guardians

Building an AppSec product at GitGuardian

Meet Alexandra, who shared with us her motivations to start her career as a full-stack developer at GitGuardian.

Product News

GitGuardian is now part of the PagerDuty Partner Program verified integrations

GitGuardian is now a verified PagerDuty integration, bringing the power of automated secrets detection to one of the leading platforms for real-time digital operations.

Product News

Detector of The Month – Supabase, November 2021

Keep secrets out of your source code. GitGuardian's automated secrets detection now supports Supabase JWT secrets and Service Role JWT secrets.

CISO Roadmap

CISO Roadmap: The First 90 Days

Come away with a game plan for strengthening your information security program.

Cybersecurity frameworks and regulation

What’s new in the 2021 OWASP Top10?

The famous list of the top 10 web applications vulnerabilities just got updated for the first time since 2017. Let's find out what the most surprising changes are.

Best practices

Supply Chain Attacks: 6 Steps to protect your software supply chain

This article looks at software supply chain attacks, exactly what they are and 6 steps you can follow to protect your software supply chain and limit the impact of a supply chain attack.

Secrets detection

Secrets Detection – Tools for reproducible, detailed, and meaningful benchmarks

New series focusing on performance at GitGuardian. Learn how we built the tools to produce meaningful benchmarks and track our improvements in speed over the year.

Conferences

GitHub Universe 2021 Overview – What you missed from the GitHub conference

Missed the GitHub Universe 2021? Here are the key takeaways from the conference including key features and what we can expect in the future from GitHub.

Cheat sheets

8 Easy Steps to Set Up Multiple Git Accounts [cheat sheet included]

Any developer has to set up his Git config at least once. Our cheat sheet will help you make this process a breeze, ensuring that you never push with the wrong profile again!