Mackenzie Jackson

Mackenzie is the developer advocate at GitGuardian. He is passionate about technology and building a community of engaged developers to shape future tools and systems.

44 posts
Securing your SDLC (Software Development Life Cycle)

In this post, we are going to break down the SDLC and look at how we can add security at each stage with helpful resources.

How Hackers Used Stolen GitHub Tokens to Access Private Source Code

Attackers have used stolen OAuth tokens issued to Travis CI and Heroku to gain access to private git repositories on GitHub. Here we take a look at exactly what happened, why it's significant, and how to mitigate the issue.

Latest from Lapsus$, Reviewing the Microsoft Breach

Lapsus$ has continued its prolific pace of breaches, now leaking internal source code from 250 Microsoft projects. GitGuardian analyzed the code looking for secrets sprawl.

Samsung and Nvidia are the latest companies to involuntarily go open-source leaking company secrets

Nearly 200GB of source code from Samsung and the source code from Nvidia's latest DLSS technology have been published online by the Lapsus$ hacking group. Internal source code being leaked online by adversaries is happening with alarming regularity in recent years. Only a few

Mackenzie Jackson, GitGuardian: “code security needs to be a layered approach”

Security should be something that companies implement into the software development lifecycle as early as possible. It should be a consideration at every step of development, from design through to deployment and every incremental change made thereafter.

GitGuardian is a proud sponsor of OWASP

GitGuardian is excited to support OWASP as a gold corporate member of the organization.

Source Code as a Vulnerability - A Deep Dive into the Real Security Threats From the Twitch Leak

While most of the attention has been on streamers’ revenues, our 6000 Git repositories study shows a much more serious problem that extends far beyond just this single breach.

Supply Chain Attacks: 6 Steps to protect your software supply chain

This article looks at software supply chain attacks, exactly what they are and 6 steps you can follow to protect your software supply chain and limit the impact of a supply chain attack.

GitHub Universe 2021 Overview – What you missed from the GitHub conference

Missed the GitHub Universe 2021? Here are the key takeaways from the conference including key features and what we can expect in the future from GitHub.

Supply chain attacks and ransomware groups, the focus of Black Hat 2021 (conference recap)

Black Hat, one of the biggest security events of the year, has finished. This article looks at the key takeaways from Black Hat, the massive increase in supply chain and ransomware attacks, and what experts say can be the solution.

Setting up a pre-commit git hook with GitGuardian Shield

In this tutorial we are going to run through how to create a pre-commit git hook using GitGuardian Shield to detect secrets before they enter your repository.

Codecov supply chain breach - explained step by step

Codecov recently had a significant breach as attackers were able to put a backdoor into Codecov to get access to customers' sensitive data. This article reviews exactly what happened, how attackers gained access, how they used sensitive information and of course, what to do if you were affected.

The journey to becoming a backend engineer at GitGuardian

Samuel is a backend engineer working on expanding PII detection within GitGuardian's secrets team. Samuel studied software engineering at EISTI in Paris specializing in cybersecurity and shared with us the journey he took to work at GitGuardian.

Highlights from the 2021 RSA conference - The modern day bank heists

The modern day bank heists illustrates high-level concepts around security and promotes a change in how we think about security, build defense systems and react to active threats.

Highlights from the 2021 RSA conference - Attack and defend a unique approach to exploiting credentials

Presentation of the talk at the RSA conference by Johannes Ullrich and Jason Lam: Attack & Defend: Protecting Modern Distributed Applications and Components.

Making developers part of security with GitGuardian’s new Dev in the loop feature

GitGuardian's “Dev in the loop” is another step towards bringing this into reality with a practical feature that improves the workflow of remediating a secret incident between developers and security teams.

Shift Left - Moving security to the development phase - the case of secrets detection in code repositories

With the expansion of the DevOps and DevSecOps models, the concept of “shift left” in the context of the development lifecycle has become quite popular. This article looks at practical ways organizations implement a Shift Left approach to development.

GitGuardian Internal Monitoring - New and improved integrations with your favorite CI/CD and SIEM tools

GitGuardian is releasing exciting new integrations for your favourite CI/CD and SIEM tools to help integrate GitGuardian into your SDLC seamlessly.

GitGuardian onboarding experience. Feedback from an Account Executive!

To give you some insights on how onboarding is done at GitGuardian, we have asked one of our Account Executives, Alexis, to share his experience.

Working as a backend developer at GitGuardian

João is a data and software engineer who works as part of the internal monitoring product team at GitGuardian. João also leads GitGuardian’s API development and GitGuardian’s open-source tools.

Analyzing how hackers breached the Indian government - play by play

The Indian government was breached in a significant attack launched by a white hat hacking group, Sakura Samurai, leading to a 34-page vulnerability report. Today we will analyze the attack play by play.

GitGuardian Secrets Detection Q1 2021 Update

Sometimes the GitGuardian secrets detection engine can seem like a mysterious black box, but in reality, it is a huge collection of independent detectors that are being constantly maintained by our dedicated Secrets Team.

Working in data science at GitGuardian

GitGuardian has always been a developer-first company since its conception. Today GitGuardian has a large team of engineers with a wide range of skills and stories. This article is about one developer at GitGuardian and why he wanted to work on solving the issue of Secrets Sprawl.

File types that most commonly contain sensitive information

As outlined in the State of Secrets Sprawl report, 5 million credentials and other secrets get leaked on GitHub every year. This is an in-depth look into which file extensions most commonly contain secrets.

Native Bitbucket Integration with GitGuardian

Since the conception of GitGuardian, we have been working to help developers keep source code secure. This started with scanning public repositories on GitHub and our offering has been growing ever since. In 2020 we released: our internal monitoring product to be able to
