Mackenzie Jackson - GitGuardian Blog - Automated Secrets Detection

Supply chain attacks and ransomware groups, the focus of Black Hat 2021 (conference recap)

One of the biggest security events of the year, Black Hat finished. This article looks at the key takeaways from Black Hat, the massive increase in Supply chain and ransomware attacks and what experts say can be the solution.

Tutorials

Setting up a pre-commit git hook with GitGuardian Shield

In this tutorial we are going to run through how to create a pre-commit git hook using GitGuardian Shield to detect secrets before they enter your repository.

Breach explained

Codecov supply chain breach - explained step by step

Codecov recently had a significant breach as attackers were able to put a backdoor into Codecov to get access to customers' sensitive data. This article reviews exactly what happened, how attackers gained access, how they used sensitive information and of course, what to do if you were affected.

Guardians

The journey to becoming a backend engineer at GitGuardian

Samuel is a backend engineer working on expanding PII detection within GitGuardian's secrets team. Samuel studied software engineering at EISTI in Paris specializing in cybersecurity and shared with us the journey he took to work at GitGuardian.

Conferences

Highlights from the 2021 RSA conference - The modern day bank heists

The modern day bank heists illustrates high-level concepts around security and promotes a change in how we think about security, build defense systems and react to active threats.

Conferences

Highlights from the 2021 RSA conference - Attack and defend a unique approach to exploiting credentials

Presentation of the talk at the RSA conference by Johannes Ullrich and Jason Lam: Attack & Defend: Protecting Modern Distributed Applications and Components.

Product News

Making developers part of security with GitGuardian’s new Dev in the loop feature

GitGuardians “Dev in the loop” is another step towards bringing this into reality with a practical feature that improves the workflow of remediating a secret incident between developers and security teams.

DevSecOps

Shift Left - Moving security to the development phase - the case of secrets detection in code repositories

With the expansion of the DevOps and DevSecOps models, the concept of “shift left” in the context of the development lifecycle has become quite popular. This article looks at practical ways organizations implement a Shift Left approach to development.

Product News

GitGuardian Internal Monitoring - New and improved integrations with your favorite CI/CD and SIEM tools

GitGuardian is releasing exciting new integrations for your favourite CI/CD and SIEM tools to help integrate GitGuardian into your SDLC seamlessly.

Guardians

GitGuardian onboarding experience. Feedback from an Account Executive!

To give you some insights on how onboarding is done at GitGuardian we have asked one of our Account Executive, Alexis, to share his experience.

Guardians

Working as a backend developer at GitGuardian

João is a data and software engineer who works as part of the internal monitoring product team at GitGuardian. João also leads GitGuardian’s API development and GitGuardian’s open-source tools.

Breach explained

Analyzing how hackers breached the Indian government - play by play

The Indian government was breached in a significant attack launched by a white hat hacking group Sakura Samurai leading to a 34 page vulnerability report. Today we will analyze the attack play by play.

Product News

GitGuardian Secrets Detection Q1 2021 Update

Sometimes the GitGuardian secrets detection engine can seem like a mysterious black box, but in reality, it is a huge collection of independent detectors that are being constantly maintained by our dedicated Secrets Team.

Guardians

Working in data science at GitGuardian

GitGuardian has always been a developer-first company since its conception. Today GitGuardian has a large team of engineers with a wide range of skills and stories. This article is about one developer at GitGuardian and why he wanted to work on solving the issue of Secrets Sprawl.

Best practices

File types that most commonly contain sensitive information

As outlined in the State of Secrets Sprawl report, 5 million credentials and other secrets get leaked on Github every year. This is an in-depth look into what file extensions most commonly contain secrets.

Product News

Native Bitbucket Integration with GitGuardian

Since the conception of GitGuardian, we have been working to help developers keep source code secure. This started with scanning public repositories on GitHub and our offering has been growing

Secrets detection

State of Secrets Sprawl on GitHub - 2021

GitGuardian has been scanning every single public commit made on GitHub for secrets since 2017, now we are releasing our findings in the most comprehensive study on secrets sprawl ever conducted.

Company News

BFM Business interview with GitGuardian founder Jeremy Thomas

GitGuardian CEO Jeremy Thomas, recently had the privilege of being interviewed by BFM Business on national French television about winning the FIC start-up of the year award and the exciting road that is ahead for GitGuardian.

Company News

GitGuardian receives FIC cybersecurity start-up of the year award

GitGuardian is proud to be the 2021 winner of the FIC (International Cybersecurity Forum) Cybersecurity Start-up of the Year Award.

Breach explained

Reviewing the 2021 United Nations data breach

The ethical hacking group Sakura Samurai recently gained access to private United Nations (UN) employee data and systems in a significant data breach.

Secrets detection

Building reliable secrets detection - Secrets in source code (episode 3/3)

This article will expose how our algorithms detect secrets and what we have learnt from scanning, literally, billions of commits.

Secrets detection

The threat of leaked secrets in git repositories - A discussion between security experts

Secrets including API tokens, passwords and credentials are the keys to the kingdom. Yet storing secrets inside git including GitHub & GitLab is a problem. Security experts discuss why this is & how to solve this.

DevSecOps

GitOps - an extension of DevOps for modern infrastructure management

GitOps is an evolution of infrastructure as code, a framework that can drastically improve deployment speed and developer efficiency. Here we run through exactly what GitOps is and how to practically implement it.

Secrets detection

Building internal secrets detection solutions: a case study about how SAP scans git repos for secrets

This article looks at how SAP built an internal secrets scanning solution to detect API keys and other credentials hardcoded in git repos and revoke them.

Secrets detection

Why secrets in git are such a problem - Secrets in source code (episode 2/3)

Despite secrets like API keys, OAuth tokens, certificates and passwords being extremely sensitive, it is common for these to leak into git repositories through source code. This article looks at why this is true and how we can prevent it.