Automate security testing in your CI pipelines with GitGuardian and CircleCI

In the DevOps era, we believe that developers should have increased responsibility for security throughout the software development lifecycle. Without their help and contribution, most application security programs are simply set up to fail and will miss the goal of strengthening the overall security posture.

But with such a responsibility, there needs to be an equal commitment from us to provide developers with the supportive tools to design and build secure applications from the start. Frictionless, automated, and composable: security has to get the Developer Experience right if it wants to win the hearts and minds of developers.

In that spirit, we have partnered with CircleCI to help you build more secure applications. CircleCI is the leading continuous integration and delivery platform that helps development teams release code rapidly and automate the build, test, and deploy steps. And now, we've made it easier to automate secrets detection and remediation in your CircleCI pipelines with the ggshield orb.

CircleCI orbs

An orb is a package of CircleCI YAML configuration that contains predefined commands, executors, and jobs. Orbs are shareable across users, teams, and projects, making it easy to keep your CircleCI configuration up to date and in sync.

For example, check out the following orbs that help you upload your coverage reports to Codecov or deploy your infrastructure with Terraform with almost no configuration. Orbs are contributed by the community and CircleCI partners like GitGuardian.

Introducing the GitGuardian ggshield partner orb

GitGuardian helps organizations detect and fix vulnerabilities in source code at every step of the software development lifecycle. With GitGuardian’s policy engine, security teams can monitor and enforce rules across their VCS, DevOps tools, and infrastructure-as-code configurations.

GitGuardian Internal Monitoring is an automated secrets detection and remediation platform. Its secrets detection engine is trained against more than a billion public GitHub commits every year, and it covers 350+ types of secrets such as API keys, database connection strings, private keys, certificates, and more.

The ggshield CircleCI orb allows you to use GitGuardian's CLI to detect hardcoded secrets in your CI pipelines, all with a single command. By running the ggshield orb in your project workflows, GitGuardian gives you confidence in every commit. You can learn more about the orb in our GitHub repository.

GitGuardian ggshield CircleCI orb (taken from the CircleCI orbs public registry)
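As an added example (not taken from the original post or from GitGuardian's repository), here is a minimal `.circleci/config.yml` that runs the orb's scan job on every pipeline; the orb name `gitguardian/ggshield`, its `scan` job and the `base_revision`/`revision` parameters are assumed to match the published orb, and the `gitguardian` context name is an assumption.

```yaml
# Added example: minimal .circleci/config.yml using the GitGuardian ggshield orb.
# Assumes the orb is published as gitguardian/ggshield and exposes a `scan` job
# taking base_revision/revision; the `gitguardian` context name is an assumption.
version: 2.1

orbs:
  # "volatile" tracks the latest published orb version; pin to a fixed version
  # (gitguardian/ggshield@<pinned-version>) once you want reproducible builds.
  ggshield: gitguardian/ggshield@volatile

workflows:
  main:
    jobs:
      - ggshield/scan:
          name: ggshield-scan
          # Scan only the commits introduced by this pipeline run, so a secret
          # already present in old history does not fail every build at once.
          base_revision: << pipeline.git.base_revision >>
          revision: << pipeline.git.revision >>
          # The context supplies GITGUARDIAN_API_KEY as a masked environment
          # variable; never write the API key into config.yml itself.
          context: gitguardian
```

The job fails the pipeline when ggshield reports a secret, which is the point: the commit is blocked before it is merged or deployed.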

Get started now

Sign up for GitGuardian if you haven't already and create an API key to start using the ggshield orb in your CircleCI workflows. Keep your source code secrets-free with more than 350 built-in specific and generic detectors.

For more information, check out our documentation on how to integrate ggshield with CircleCI.