Cybersecurity in Australia has moved well and truly into the focus of the mainstream media and the everyday public. This year we saw two catastrophic security breaches with Optus, an Australian telecom provider, and Medibank, one of the largest health insurance providers in Australia.
New research by CyberNews has revealed that there are millions of private git repositories that are, in fact, not all that private.
Dropbox has confirmed they suffered a data breach involving a bad actor gaining access to credentials, data, and other secrets inside their internal GitHub code repositories.
This year at DEFCON and Black Hat—the world's largest security and hacking conferences—many talks focused on how attackers target developers' accounts. Here are the key points.
On Thursday, September 15th, Uber confirmed reports of an organization-wide cybersecurity breach. This is an evolving situation, but we will bring you here the latest information and commentary as we get it.
The promise of AI code assistance like Copilot was an exciting promise when released. But they might not be the answer to all your problems. A research study has now found that while Copilot frequently introduces vulnerabilities, it may in fact be influenced by the input. Poor code, poor outcome.
Missed out on Black Hat 2022 briefings or got stuck in the business hall? We have you covered.
In this post, we are going to break down the SDLC and look at how we can add security at each stage with helpful resources.
Attackers have used stolen OAuth tokens issued to Travis CI and Heroku to gain access to private git repositories on GitHub. Here we take a look at exactly what happened, why it's significant, and how to mitigate the issue.
Lapsus$ has continued its prolific pace of breaches now leaking internal source code from 250 Microsoft projects. GitGuardian analyzed the code looking for secrets sprawl.
Nearly 200GB of source code from Samsung and the source code from Nvidia's latest DLSS technology has been published online by The Lapsus$ hacking group. Internal source code being leaked online by adversaries is happening with alarming regularity in recent years. Only a few
Security should be something that companies implement into the software development lifecycle as early as possible. It should be a consideration at every step of development, from design and through to deployment and every incremental change made thereafter.
GitGuardian is excited to support OWASP as a gold corporate member of the organization.
While most of the attention has been on streamers’ revenues, our 6000 Git repositories study shows a much more serious problem that extends far beyond just this single breach.
This article looks at software supply chain attacks, exactly what they are and 6 steps you can follow to protect your software supply chain and limit the impact of a supply chain attack.
Missed the GitHub Universe 2021? Here are the key takeaways from the conference including key features and what we can expect in the future from GitHub.
One of the biggest security events of the year, Black Hat finished. This article looks at the key takeaways from Black Hat, the massive increase in Supply chain and ransomware attacks and what experts say can be the solution.
In this tutorial we are going to run through how to create a pre-commit git hook using GitGuardian Shield to detect secrets before they enter your repository.
Codecov recently had a significant breach as attackers were able to put a backdoor into Codecov to get access to customers' sensitive data. This article reviews exactly what happened, how attackers gained access, how they used sensitive information and of course, what to do if you were affected.
Samuel is a backend engineer working on expanding PII detection within GitGuardian's secrets team. Samuel studied software engineering at EISTI in Paris specializing in cybersecurity and shared with us the journey he took to work at GitGuardian.
The modern day bank heists illustrates high-level concepts around security and promotes a change in how we think about security, build defense systems and react to active threats.
Presentation of the talk at the RSA conference by Johannes Ullrich and Jason Lam: Attack & Defend: Protecting Modern Distributed Applications and Components.
GitGuardians “Dev in the loop” is another step towards bringing this into reality with a practical feature that improves the workflow of remediating a secret incident between developers and security teams.
With the expansion of the DevOps and DevSecOps models, the concept of “shift left” in the context of the development lifecycle has become quite popular. This article looks at practical ways organizations implement a Shift Left approach to development.
GitGuardian is releasing exciting new integrations for your favourite CI/CD and SIEM tools to help integrate GitGuardian into your SDLC seamlessly.
GitGuardian is the code security platform for
the DevOps generation.
With automated secrets detection and
remediation, our platform enables Dev, Sec, and Ops to advance together
towards the Secure Software Development Lifecycle.
Subscribe to our newsletter to receive the latest content and updates from GitGuardian.
