DevSecOps
What is Policy-as-Code? An Introduction to Open Policy Agent
Learn the benefits of policy as code and start testing your policies for cloud-native environments.
MOST POPULAR
all tags
other
What is Policy-as-Code? An Introduction to Open Policy Agent
Learn the benefits of policy as code and start testing your policies for cloud-native environments.
The Ultimate Guide to GitHub Backups
In such a fast-developing world, it becomes more and more important to make sure the source code and its metadata are backed up in case of an emergency. Learn everything you need to know about how to backup a GitHub repository.
CyberTech NYC 2022: Securing The Future Together
GitGuardian joined dozens of security companies in New York City to share knowledge about the ever-shifting enterprise landscape. Here are just a few of the highlights from CyberTech NYC 2022.
Securing The New Frontier in Developer Environments: Cloud IDEs
You might already be using a Cloud IDE for certain projects. This exciting evolution of the local dev environment has a lot of advantages but also brings some new risks. This article will help you stay safe as you embrace the cloud for your coding needs.
Introducing Infrastructure as Code Security
The GitGuardian Internal Monitoring platform will now include Infrastructure as Code (IaC) scanning to help organizations protect their infrastructure at the source.
Efficiently Computing Permissions at Scale—Our Engineering Approach
Eugène, Staff Engineer at GitGuardian, explains the thinking and the technical choices behind one of the most anticipated features of this year: Teams.
When it Comes to Secrets, How Mature is Your Organization?
We're happy to present you our Secrets Management Maturity Model, a model to help your organization make sense of its actual posture and how to improve it.
Millions of .git folders exposed publicly by mistake
2022 has been the year of source code leaks; Microsoft, Nvidia, Samsung, Rockstar, and many more companies have had their source code involuntarily open-sourced. But some new research by CyberNews has revealed that there are millions of private git repositories that are, in fact,
Automate your way out of code security incidents with GitGuardian’s playbooks
Learn more about GitGuardian’s no-code workflows and how they can help you enjoy some respite from the manual and grunt work no security engineer ever enjoys.
Don't Tackle Security Alone: A Beginner's Guide To OWASP
Securing your apps can feel overwhelming and isolating. Fortunately, there is a community making free security tools and resources, that would welcome you at their events: OWASP
Dropbox Suffers Data Breach From Phishing Attack, Exposing Customer and Employee Emails
Dropbox has confirmed they suffered a data breach involving a bad actor gaining access to credentials, data, and other secrets inside their internal GitHub code repositories.
Yves Mimeran Joins GitGuardian to Grow the Company’s Channel Partner Program
Yves joins GitGuardian as an accomplished channel sales leader with 20 years of experience in Senior Channel leadership positions with SecurityScorecard, EclecticIQ, Balabit.
![How To Use ggshield To Avoid Hardcoded Secrets [cheat sheet included]](/content/images/size/w600/2022/10/22W44-blog-SecuringYourSecretsWithGGshield-Cheatsheet.jpg)
How To Use ggshield To Avoid Hardcoded Secrets [cheat sheet included]
GitGuardian’s ggshield CLI tool can help you keep your secrets away from your repos and pipelines. Download our handy cheat sheet to quickly become proficient in our CLI tool.
Best practices for managing developer teams in GitHub Orgs
Are you looking for ways to manage your developer team better? GitHub Orgs is a great way to keep track of repositories, branches, and collaborators all in one place. In this article, we'll share some best practices for managing developer teams in GitHub Orgs.
SecureWV 2022 Lucky Th1rt3en: Malware, ransomware, and maturity models
SecureWV 2022 was the largest gathering of security professionals in the Mountain State ever. Read the highlights, including an in-depth look at ransomware and malware organizations.
It Takes a Team to Solve Hardcoded Secrets
We’re introducing a new Role-based Access Management (RBAC) system with “Teams” in your GitGuardian Internal Monitoring workspace. Bring Dev, Sec, and Ops together and fix hardcoded credentials faster than you ever thought possible!
A Brief Introduction to SBOM - Software Bill of Materials - and How to Use it with CI
Learn more about what is a Software Bills Of Materials, why use it, what are the standards and how to automate it with Continuous Integration.
Thinking Like a Hacker: Stealing Secrets with a Malicious GitHub Action
How can an attacker exploit leaked credentials? In this new series, we try to answer this question by imagining plausible attack scenarios. Fourth case: secrets are stolen with a malicious GitHub action.
Toyota Suffered a Data Breach by Accidentally Exposing A Secret Key Publicly On GitHub
On October 7th, Toyota revealed a partial copy of their T-Connect source code had been accidentally exposed for 5 years, including access to data for over 290,000 customers.
Laying the Foundations for Growth
This month we had the pleasure to chat with Alexandre, Business Analyst in the Operations team.
DevOpsDays Chicago 2022 - Cloud security, hacking containers, community, and much more...
DevOpsDays Chicago returned as an in-person event in 2022. Read the highlights of this amazing DevOps event, including how many conversations revolved around security and containers.
![Secrets at the Command Line [cheat sheet included]](/content/images/size/w600/2022/10/22W40-blog-SecretsAtTheCommandLine-Cheatsheet.jpg)
Secrets at the Command Line [cheat sheet included]
Developers need to prevent credentials from being exposed while working on the command line. Learn how you might be at risk and what tools and methods to help you work more safely.
Poisoning the source – How and why attackers are targeting developer accounts
This year at DEFCON and Black Hat—the world's largest security and hacking conferences—many talks focused on how attackers target developers' accounts. Here are the key points.
Thinking Like a Hacker: Commanding a Bot Army of Compromised Twitter Accounts
How can an attacker exploit leaked credentials? In this new series, we try to answer this question by imagining plausible attack scenarios. Third case: Twitter API keys are used to pump an altcoin.
A Comprehensive Guide to SOPS: Managing Your Secrets Like A Visionary, Not a Functionary
Have you heard about SOPS? If you have already been in a situation where you needed to share sensitive information with your teammates, this is for you.
