The Secrets Sprawl is Worse Than You Think: Key Takeaways from the 2025 Verizon DBIR

Discover 10 critical insights from the 2025 Verizon DBIR on secrets leaks, NHI risks, and credential abuse threats affecting today’s cloud-first orgs.

EDITOR’S PICK

The State of Secrets Sprawl 2025

Dwayne McDaniel

10 Mar 2025 – 4 min read

all tags

Customer Stories

Secure by Default: Integrating GitGuardian in Vermeer's Software Development Lifecycle

Discover how Vermeer Corporation transformed its software development lifecycle to prioritize security. Learn about their journey from open-source tools to adopting GitGuardian for seamless, integrated secret scanning, enhancing DevSecOps with a 'Secure by Default' approach.

Guest Expert

20 Nov 2023 – 6 min read

Product News

Unveiling public leak checks for hardcoded secrets in the GitGuardian Platform

GitGuardian can now help you check if your (already) hardcoded secrets have not also leaked publicly in code, issues and gists of projects located outside your GitHub organizations.

Ziad Ghalleb

16 Nov 2023 – 4 min read

Secrets detection

Uncovering thousands of unique secrets in PyPI packages

Security Researcher Tom Forbes worked with the GitGuardian team to analyze all the code committed to PyPi packages and surfaced thousands of hardcoded credentials.

Guest Expert

13 Nov 2023 – 10 min read

Best practices

What to do if you expose a secret: How to stay calm and respond to an incident [cheat sheet included]

Learn how to respond to a secret leak incident effectively. Follow our step-by-step guide to understand the impact, rotate secrets safely, and prevent future leaks.

Dwayne McDaniel

11 Nov 2023 – 11 min read

Breach explained

Sumo Logic Breach Shows Leaked Credentials Still a Persistent Threat

Sumo Logic reported a security breach on November 3, 2023, due to a compromised credential that allowed unauthorized AWS account access.

Mackenzie Jackson

10 Nov 2023 – 4 min read

Best practices

Webinar Recap: Hands-on guide to Runtime Security for CI/CD Pipelines with StepSecurity

A condensed recap of our hands-on runtime security webinar from September. Get the juiciest knowledge nuggets and pointers to more.

Greg Bulmash

7 Nov 2023 – 3 min read

Conferences

API World 2023: Bringing together API, AI, and Secrets security

API World 2023 was all about sharing insights on best practices, accounting for all your assets, and the importance of AI and API cybersecurity in an API-driven world.

Dwayne McDaniel

6 Nov 2023 – 8 min read

Conferences

Navigating Cloud and Application Security: Insights from the Gartner Security and Risk Management Summit

Discover insights from Gartner's Security and Risk Management 2023 Summit in London. Learn how CNAPP enhances protection in a complex cloud environment.

Soujanya Ain

3 Nov 2023 – 11 min read

Honeytokens

How to Secure Your Secrets Manager with GitGuardian Honeytoken

Learn how to enhance secrets manager security with GitGuardian Honeytoken. Strengthen your system's security and protect your critical assets effectively.

Thomas Segura

31 Oct 2023 – 5 min read

Conferences

Connecting with the community at BSides Atlanta 2023

Dive into BSides Atlanta 2023, the largest free security event in the South! Explore insights from top security professionals on Web3.0, cloud vulnerabilities, and more.

Dwayne McDaniel

23 Oct 2023 – 8 min read

Product News

Has Your Secret Leaked? Here's the easiest way to find out.

Today, we’re unveiling HasMySecretLeaked, a free toolset to help security and DevOps engineers verify if their organization’s secrets have leaked on GitHub.com.

Ziad Ghalleb

17 Oct 2023 – 7 min read

Engineering

HasMySecretLeaked - Building a Trustless and Secure Protocol

We can’t see your secrets, but we can tell you if they’ve leaked on GitHub. Here’s how we do it.

Guardians

17 Oct 2023 – 7 min read

The Secrets Sprawl is Worse Than You Think: Key Takeaways from the 2025 Verizon DBIR

Dwayne McDaniel

MOST POPULAR

GitHub Copilot Security and Privacy Concerns: Understanding the Risks and Best Practices

Dwayne McDaniel

Authentication and Authorization Best Practices

Tiexin Guo

EDITOR’S PICK

The State of Secrets Sprawl 2025

Soujanya Ain

GitGuardian Is Now The Overall Most Installed GitHub Marketplace App

Dwayne McDaniel

Secure by Default: Integrating GitGuardian in Vermeer's Software Development Lifecycle

Guest Expert

Unveiling public leak checks for hardcoded secrets in the GitGuardian Platform

Ziad Ghalleb

Uncovering thousands of unique secrets in PyPI packages

Guest Expert

What to do if you expose a secret: How to stay calm and respond to an incident [cheat sheet included]

Dwayne McDaniel

Sumo Logic Breach Shows Leaked Credentials Still a Persistent Threat

Mackenzie Jackson

Webinar Recap: Hands-on guide to Runtime Security for CI/CD Pipelines with StepSecurity

Greg Bulmash

API World 2023: Bringing together API, AI, and Secrets security

Dwayne McDaniel

Navigating Cloud and Application Security: Insights from the Gartner Security and Risk Management Summit

Soujanya Ain

How to Secure Your Secrets Manager with GitGuardian Honeytoken

Thomas Segura

Connecting with the community at BSides Atlanta 2023

Dwayne McDaniel

Has Your Secret Leaked? Here's the easiest way to find out.

Ziad Ghalleb

HasMySecretLeaked - Building a Trustless and Secure Protocol

Guardians

Start your journey to secrets-free source code