Protect your code and secure your repositories with honeytokens. Learn how to create and add these digital traps to your SCM repositories and how GitGuardian helps you stay alert to potential threats. Read on for best practices and tips to make the most out of honeytokens.
Is DevOps really dead? Learn about the rise of platform engineering and how it differs from DevOps in terms of self-service capabilities and automation. Discover how security fits into this new paradigm and the benefits of platform engineering for software development teams of various sizes.
DevOps engineers must handle secrets with care. In this series, we summarize best practices for leveraging secrets with your everyday tools.
This blog post covers creating, storing, and using secrets in Kubernetes, encryption, RBAC, and auditing. It introduces Kubernetes External Secrets and best practices to enhance security. Let's dive in!
In this final part, we'll discuss more software supply chain security frameworks and the critical role of secrets detection in them. We'll explore the NIST SSDF, SLSA, and OSC&R frameworks and how they cover the topic of secrets in software supply chain security.
![Best Practices for Securing Infrastructure as Code (IaC) in the DevOps SDLC [cheat sheet included]](/content/images/size/w600/2023/04/23W15-blog-GitGuardian-IAC-Cheatsheet.png)
Discover the best practices and tools to secure your infrastructure as code (IaC) throughout the DevOps software development lifecycle. From threat modeling to monitoring, this comprehensive guide offers valuable insights to improve the security, reliability, and consistency of your IaC.
In this blog post, we'll cover some best practices for managing AWS secrets when using the AWS SDK in Python.
DevOps engineers must handle secrets with care. In this series, we summarize best practices for leveraging secrets with your everyday tools.
Protect your business, bounce back from disasters: learn the best practices for a reliable GitHub Restore and Disaster Recovery strategy that ensures business continuity.
The ability to sign and verify the integrity and origin of software artifacts, such as Docker images, is critical to supply chain security. Let's try Sigstore, a new standard that promises to make this process much easier.
DevOps engineers must handle secrets with care. In this series, we summarize best practices for leveraging secrets with your everyday tools.
Attacks on software supply chains have been around for some time, but recently they have evolved into much more dangerous threats. Let's dive into the SLSA framework to understand where supply chain security is headed.
DevOps engineers must handle secrets with care. In this series, we summarize best practices for leveraging secrets with your everyday tools.
This time, we will see how to get a deeper integration between OPA and Kubernetes with Gatekeeper and native CRD-based policies.
Let's get our hands dirty with policy as code and write our first OPA policies for a Kubernetes environment.
Continuing our series about potential attack scenarios, learn how a very easy configuration mistake on GitHub can lead to a major security breach.
Software composition analysis is an essential part of application security. Here are the important factors to consider when selecting an SCA scanner to be sure it is well-suited to your needs.
Learn the benefits of policy as code and start testing your policies for cloud-native environments.
In such a fast-developing world, it becomes more and more important to make sure the source code and its metadata are backed up in case of an emergency. Learn everything you need to know about how to backup a GitHub repository.
Are you looking for ways to manage your developer team better? GitHub Orgs is a great way to keep track of repositories, branches, and collaborators all in one place. In this article, we'll share some best practices for managing developer teams in GitHub Orgs.
Learn more about what is a Software Bills Of Materials, why use it, what are the standards and how to automate it with Continuous Integration.
How can an attacker exploit leaked credentials? In this new series, we try to answer this question by imagining plausible attack scenarios. Fourth case: secrets are stolen with a malicious GitHub action.
How can an attacker exploit leaked credentials? In this new series, we try to answer this question by imagining plausible attack scenarios. Third case: Twitter API keys are used to pump an altcoin.
Have you heard about SOPS? If you have already been in a situation where you needed to share sensitive information with your teammates, this is for you.
DevSecOps expert and GitHub Star Sonya Moisset shared with us her tips to improve your open-source repository's security in a few simple steps.
GitGuardian is the code security platform for
the DevOps generation.
With automated secrets detection and
remediation, our platform enables Dev, Sec, and Ops to advance together
towards the Secure Software Development Lifecycle.
Subscribe to our newsletter to receive the latest content and updates from GitGuardian.
