The Secrets Sprawl is Worse Than You Think: Key Takeaways from the 2025 Verizon DBIR

Discover 10 critical insights from the 2025 Verizon DBIR on secrets leaks, NHI risks, and credential abuse threats affecting today’s cloud-first orgs.

EDITOR’S PICK

The State of Secrets Sprawl 2025

Dwayne McDaniel

10 Mar 2025 – 4 min read

all tags

Supply Chain Security

Intrusion Detection Through Cyber Deception: Disrupting Attacks With An Active Defense

Misleading attackers to trigger alarms can stop them in their tracks and keep damage to a minimum. Honeytokens, like the ones you can make with GitGuardian Honeytoken, let you easily set such traps.

CloudNativeSecurityCon 2023: A Unique Community Event Focused On The Future Of Open Source and Cloud Native Security

Read some of the highlights from CloudNativeSecurityCon 2023, the first-of-its-kind in-person event, grown from the conversations of the community on the front lines of open source security.

GitGuardian Named Leader in G2 and Sourceforge Winter 2023 Reports

GitGuardian has been awarded four new badges in G2’s Winter 2023 Report and has been named a leader by Sourceforge.

Carole Winqwist

6 Feb 2023 – 1 min read

Supply Chain Security

Supply Chain Security: What is SLSA? (Part I)

Attacks on software supply chains have been around for some time, but recently they have evolved into much more dangerous threats. Let's dive into the SLSA framework to understand where supply chain security is headed.

Guest Expert

3 Feb 2023 – 8 min read

Tutorials

Using GGCanary to Create Your Own Honeytokens with Open Source Tools - Complete Tutorial

Honeytokens or Canary Tokens are credentials designed to alert you when an attacker is in your infrastructure. This is a complete tutorial how to create them using only open-source projects.

Mackenzie Jackson

1 Feb 2023 – 10 min read

Product News

Q4 2022 Product Roundup – find and fix hardcoded secrets

Learn more about the challenges awaiting organizations of hundreds to thousands of developers deploying secrets detection and how we're addressing them with our latest feature releases.

Ziad Ghalleb

30 Jan 2023 – 4 min read

Cheat sheets

IAM Best Practices [cheat sheet included]

Download our cheat sheet on IAM, Identity and Access Management, best practices. It will help you make your cloud environments more secure.

Dwayne McDaniel

27 Jan 2023 – 9 min read

Best practices

How to Handle Secrets in Python

DevOps engineers must handle secrets with care. In this series, we summarize best practices for leveraging secrets with your everyday tools.

Guest Expert

25 Jan 2023 – 8 min read

Product News

Azure repos native integration with GitGuardian

DevOps teams and developers can now bring the power of automated secrets detection and remediation to their Azure DevOps repositories.

Soujanya Ain

20 Jan 2023 – 4 min read

Best practices

Top 10 Practices for Secure Software Development

Developer security practices are about adding security at each software development stage. Here’s a list of top developer security practices to follow.

Thomas Segura

18 Jan 2023 – 8 min read

Engineering

10 Tips to Optimize PostgreSQL Queries in Your Django Project

Philippe is back, this time joined by Laurent, to reveal their best tips & tricks to make Django and Postgres the best friends in the world.

Guardians

11 Jan 2023 – 13 min read

Best practices

How To Secure Your CI/CD Pipeline

After CircleCI breach, it is a good moment for any team relying on CI/CD infrastructure to review their pipeline security as there are some steps they can take to be proactive.

Dwayne McDaniel

6 Jan 2023 – 5 min read

The Secrets Sprawl is Worse Than You Think: Key Takeaways from the 2025 Verizon DBIR

Dwayne McDaniel

MOST POPULAR

GitHub Copilot Security and Privacy Concerns: Understanding the Risks and Best Practices

Dwayne McDaniel

Authentication and Authorization Best Practices

Tiexin Guo

EDITOR’S PICK

The State of Secrets Sprawl 2025

Soujanya Ain

GitGuardian Is Now The Overall Most Installed GitHub Marketplace App

Dwayne McDaniel

Intrusion Detection Through Cyber Deception: Disrupting Attacks With An Active Defense

Dwayne McDaniel

CloudNativeSecurityCon 2023: A Unique Community Event Focused On The Future Of Open Source and Cloud Native Security

Dwayne McDaniel

GitGuardian Named Leader in G2 and Sourceforge Winter 2023 Reports

Carole Winqwist

Supply Chain Security: What is SLSA? (Part I)

Guest Expert

Using GGCanary to Create Your Own Honeytokens with Open Source Tools - Complete Tutorial

Mackenzie Jackson

Q4 2022 Product Roundup – find and fix hardcoded secrets

Ziad Ghalleb

IAM Best Practices [cheat sheet included]

Dwayne McDaniel

How to Handle Secrets in Python

Guest Expert

Azure repos native integration with GitGuardian

Soujanya Ain

Top 10 Practices for Secure Software Development

Thomas Segura

10 Tips to Optimize PostgreSQL Queries in Your Django Project

Guardians

How To Secure Your CI/CD Pipeline

Dwayne McDaniel

Start your journey to secrets-free source code