The Hidden Breach: Secrets Leaked Outside the Codebase Pose a Serious Threat

Secrets aren't just in code. GitGuardian’s 2025 report shows major leaks in collaboration tools like Slack, Jira, and Confluence. Here’s what security teams need to know.

EDITOR’S PICK

The State of Secrets Sprawl 2025

Dwayne McDaniel

10 Mar 2025 – 4 min read

all tags

Supply Chain Security

Supply Chain Security: Sigstore and Cosign (Part II)

The ability to sign and verify the integrity and origin of software artifacts, such as Docker images, is critical to supply chain security. Let's try Sigstore, a new standard that promises to make this process much easier.

Guest Expert

22 Feb 2023 – 8 min read

Supply Chain Security

Intrusion Detection Through Cyber Deception: Disrupting Attacks With An Active Defense

Misleading attackers to trigger alarms can stop them in their tracks and keep damage to a minimum. Honeytokens, like the ones you can make with GitGuardian Honeytoken, let you easily set such traps.

Dwayne McDaniel

17 Feb 2023 – 6 min read

Best practices

How to Handle Secrets in Docker

DevOps engineers must handle secrets with care. In this series, we summarize best practices for leveraging secrets with your everyday tools.

Guest Expert

15 Feb 2023 – 8 min read

Conferences

CloudNativeSecurityCon 2023: A Unique Community Event Focused On The Future Of Open Source and Cloud Native Security

Read some of the highlights from CloudNativeSecurityCon 2023, the first-of-its-kind in-person event, grown from the conversations of the community on the front lines of open source security.

Dwayne McDaniel

8 Feb 2023 – 14 min read

GitGuardian

GitGuardian Named Leader in G2 and Sourceforge Winter 2023 Reports

GitGuardian has been awarded four new badges in G2’s Winter 2023 Report and has been named a leader by Sourceforge.

Carole Winqwist

6 Feb 2023 – 1 min read

Supply Chain Security

Supply Chain Security: What is SLSA? (Part I)

Attacks on software supply chains have been around for some time, but recently they have evolved into much more dangerous threats. Let's dive into the SLSA framework to understand where supply chain security is headed.

Guest Expert

3 Feb 2023 – 8 min read

Tutorials

Using GGCanary to Create Your Own Honeytokens with Open Source Tools - Complete Tutorial

Honeytokens or Canary Tokens are credentials designed to alert you when an attacker is in your infrastructure. This is a complete tutorial how to create them using only open-source projects.

Mackenzie Jackson

1 Feb 2023 – 10 min read

Product News

Q4 2022 Product Roundup – find and fix hardcoded secrets

Learn more about the challenges awaiting organizations of hundreds to thousands of developers deploying secrets detection and how we're addressing them with our latest feature releases.

Ziad Ghalleb

30 Jan 2023 – 4 min read

Cheat sheets

IAM Best Practices [cheat sheet included]

Download our cheat sheet on IAM, Identity and Access Management, best practices. It will help you make your cloud environments more secure.

Dwayne McDaniel

27 Jan 2023 – 9 min read

Best practices

How to Handle Secrets in Python

DevOps engineers must handle secrets with care. In this series, we summarize best practices for leveraging secrets with your everyday tools.

Guest Expert

25 Jan 2023 – 8 min read

Product News

Azure repos native integration with GitGuardian

DevOps teams and developers can now bring the power of automated secrets detection and remediation to their Azure DevOps repositories.

Soujanya Ain

20 Jan 2023 – 4 min read

Best practices

Top 10 Practices for Secure Software Development

Developer security practices are about adding security at each software development stage. Here’s a list of top developer security practices to follow.

Thomas Segura

18 Jan 2023 – 8 min read

The Hidden Breach: Secrets Leaked Outside the Codebase Pose a Serious Threat

Dwayne McDaniel

MOST POPULAR

GitHub Copilot Security and Privacy Concerns: Understanding the Risks and Best Practices

Dwayne McDaniel

Authentication and Authorization Best Practices

Tiexin Guo

EDITOR’S PICK

The State of Secrets Sprawl 2025

Soujanya Ain

GitGuardian Is Now The Overall Most Installed GitHub Marketplace App

Dwayne McDaniel

Supply Chain Security: Sigstore and Cosign (Part II)

Guest Expert

Intrusion Detection Through Cyber Deception: Disrupting Attacks With An Active Defense

Dwayne McDaniel

How to Handle Secrets in Docker

Guest Expert

CloudNativeSecurityCon 2023: A Unique Community Event Focused On The Future Of Open Source and Cloud Native Security

Dwayne McDaniel

GitGuardian Named Leader in G2 and Sourceforge Winter 2023 Reports

Carole Winqwist

Supply Chain Security: What is SLSA? (Part I)

Guest Expert

Using GGCanary to Create Your Own Honeytokens with Open Source Tools - Complete Tutorial

Mackenzie Jackson

Q4 2022 Product Roundup – find and fix hardcoded secrets

Ziad Ghalleb

IAM Best Practices [cheat sheet included]

Dwayne McDaniel

How to Handle Secrets in Python

Guest Expert

Azure repos native integration with GitGuardian

Soujanya Ain

Top 10 Practices for Secure Software Development

Thomas Segura

Start your journey to secrets-free source code