OAuth for MCP - Emerging Enterprise Patterns for Agent Authorization
Why agents break the old model and require rethinking traditional OAuth patterns.
Yes, GitHub's Copilot can Leak (Real) Secrets
Researchers successfully extracted valid hard-coded secrets from Copilot and CodeWhisperer, shedding light on a novel security risk associated with the proliferation of secrets.
Voice of Practitioners 2024
Organizations spend 32.4% of security budgets on code security, yet only 44% of developers follow secrets management best practices. Get the full insights in our 2024 report.
![Precision & Recall [Security Zines]](/content/images/size/w600/2024/10/Recall-in-Detection.png)
Precision & Recall [Security Zines]
Or how to find a key in a code haystack
Announcing "Crafting Secure Software," GitGuardian's Guide to Security by Design!
Exciting news! Our first book, "Crafting Secure Software," is now available. Learn how to embed security throughout the SDLC, mitigate risks, and foster a security culture. Get your copy today and level up your software security game!
Protect Your Company Secrets: Free GitHub Leaks Audit in One Click
Discover how exposed your company is on public GitHub, anonymously and for free.
![Honeytokens [Security Zines]](/content/images/size/w600/2024/09/Honeytokens.png)
Honeytokens [Security Zines]
Buckle up, buttercup, because we're about to dive into the sticky-sweet world of honeytokens!
CodeSecDays 2024: A Deep Dive in Software Supply Chain Security
Explore key insights from CodeSecDays 2024 on software supply chain security. Learn about AI in DevSecOps, SLSA frameworks, developer-security collaboration, and secrets management. Discover strategies for a more secure digital future.
Balancing AI Performance and Safety: Lessons from PyData Berlin
Would you trust AI to call 911? GitGuardian's ML engineer Nicolas posed this question at PyData Berlin, sparking a discussion on integrating ML into critical systems, debunking AI myths, and balancing innovation with safety in AI deployment.
CodeSecDays: Insights and Highlights from GitGuardian's Security Event
CodeSecDays provided an invaluable platform for the French AppSec community to come together, share insights, address challenges, and explore best practices for securing digital infrastructures. Here are the key highlights.
Why SAST + DAST can't be enough
Static and dynamic app testing are cornerstones for any comprehensive AppSec program, yet they rarely rise up to the challenges of fully securing modern software. Discover why secrets are one of their critical blind spots.
![Software Composition Analysis [Security Zines]](/content/images/size/w600/2024/05/SOPS-Security-Zine--1-.png)
Software Composition Analysis [Security Zines]
For those feeling code-conscious about shady dependencies lurking in their apps, Software Composition Analysis is the software security wellness check you need!
