OIDC for Developers: Reasons Your Auth Integration Could Be Broken
Why outsourcing auth doesn't mean outsourcing risk.
Secrets buried in container registries pose a silent risk. Learn about their hidden vulnerabilities and what steps you can take to safeguard your infrastructure.
Developers need to prevent credentials from being exposed while working on the command line. Learn how you might be at risk and which tools and methods can help you work more safely.
Protect hedge fund assets from secrets-related attacks. Learn how GitGuardian provides visibility and control over secrets and mitigates the risks of hardcoded secrets.
Building on EO 14028, EO 14144 advances U.S. cybersecurity with actionable steps for identity governance and secrets management. Learn what this means for you.
Learn how one of Europe's largest healthcare tech leaders transformed their Secrets Security with GitGuardian, cutting incidents by half without compromising developer productivity.
A look back at 2024: A year of breakthroughs, advancements, and unwavering commitment to elevating NHI and secrets security for organizations.
Learn about OWASP’s newest focus on Non-Human Identities and how to mitigate risks like secret leakage, overprivileged NHIs, and insecure authentication with GitGuardian.
Everything you were too afraid to ask about Docker, containers, and their fundamental building blocks: layers. Understanding how layers work naturally leads to a more efficient method of packing images, ultimately speeding up your deployments.
While Artifactory tokens aren't the most common leaked secrets, GitGuardian's research reveals their critical nature in corporate environments. Recent investigations across major industries show how these tokens frequently expose sensitive resources through build configurations and DevOps code.
The U.S. Department of the Treasury suffered a major security incident when a Chinese threat actor compromised its third-party cybersecurity service BeyondTrust. The attackers obtained an API key that allowed them to bypass security measures and access unclassified documents.
In this blog post, we will explore the intricate world of detection engineering. We’ll start by examining the inputs and outputs of detection engineering, and then we’ll illustrate the detection engineering lifecycle.
Configuration management tools like Ansible, Chef, and Puppet offer various methods for handling secrets, each with inherent trade-offs. The article explores these approaches alongside modern OIDC-based solutions that enable short-lived authentication tokens for automated processes.