Our latest State of Secrets Sprawl 2025 research reveals a troubling reality: the majority of leaked corporate secrets found in public code repositories continue to provide access to systems for years after their discovery.
DevOps engineers must handle secrets with care. In this series, we summarize best practices for leveraging secrets with your everyday tools.
Responsible disclosure is an often overlooked but critical component of cybersecurity alerting processes. Explore key best practices that can enhance communication and collaboration with researchers, turning potential security threats into opportunities for stronger defense.
Discover how BSidesSD 2025 challenged traditional GRC, spotlighted data poisoning, and promoted human-driven security insights. Read our highlights from this community event.
Secrets aren't just in code. GitGuardian’s 2025 report shows major leaks in collaboration tools like Slack, Jira, and Confluence. Here’s what security teams need to know.
At Denver's SnowFROC, security pros tackled the importance of OWASP’s evolving Top 10 and exposed the current shortcomings of AI-generated code for production systems.
Worried about GitHub Copilot’s security and privacy concerns? Learn about potential risks and best practices to protect yourself and your organization while leveraging AI.
Researchers successfully extracted valid hard-coded secrets from Copilot and CodeWhisperer, shedding light on a novel security risk associated with the proliferation of secrets.
Go beyond GitHub's scope. Understand the full picture of your secret leaks with GitGuardian, covering public and internal exposures.
tl;dr: There's no silver bullet for keeping secrets out of logs, but if we put several "lead bullets" in the right places, we have a good chance of success.
At JSSI 2025, French IT security experts discussed the cloud's impact on security. Presentations covered strategy and technical analysis. GitGuardian’s researchers shared insights on detecting secrets in the cloud and responsibly disclosing them to companies.
On March 14, 2025, the popular GitHub action tj-actions/changed-files was compromised, exposing secrets in CI logs. GitGuardian's analysis identified leaked secrets like GitHub tokens, AWS keys, and more.
Generic secrets are hard to detect and are getting leaked more often. See how GitGuardian offers advanced protection where GitHub's push protection falls short.
GitGuardian is the code security platform for
the DevOps generation.
With automated secrets detection and
remediation, our platform enables Dev, Sec, and Ops to advance together
towards the Secure Software Development Lifecycle.
Subscribe to our newsletter to receive the latest content and updates from GitGuardian.
