The Secret to Your Artifactory: Inside The Attacker Kill-Chain

Artifactory token leaks are not the most common, but they pose significant risks, exposing sensitive assets and enabling supply chain attacks. This article explores the dangers of leaked tokens and proposes mitigation strategies, including token scoping and implementing least privilege policies.

Gaetan Ferry

3 Feb 2025 – 9 min read

Dwayne McDaniel

30 Sep 2024 – 7 min read

How to Handle Secrets in Helm

Tiexin Guo

29 Aug 2024 – 16 min read

EDITOR’S PICK

Protecting the Backbone of Modern Development: Scanning Secrets in Container Registries

Ferdinand Boas

23 Jan 2025 – 5 min read

Identities Do Not Exist in a Vacuum: A View on Understanding Non-Human Identities Governance

Dwayne McDaniel

18 Dec 2024 – 9 min read

all tags

Engineering

A Deep Dive into Celery Task Resilience, Beyond Basic Retries

How to make your Celery tasks more resilient with best practices to prevent workflow interruptions and handle various failure scenarios.

Guardians

5 Dec 2024 – 9 min read

DevSecOps

The Hidden Challenges of Automating Secrets Rotation: Why Automatic Credential Rotation Isn’t a One-Click Solution

Automating secrets rotation requires maturity and planning. Let's look at how to inventory, scope, and secure credentials without risking downtime or vulnerabilities.

Dwayne McDaniel

3 Dec 2024 – 8 min read

Engineering

MLOps Done Right: GitGuardian's Battle-Tested Open-Source Stack

Our stack to go from experimenting to production won't have any more secrets for you.

Guardians

27 Nov 2024 – 10 min read

Artificial Intelligence

The Quest to Minimize False Positives Reaches Another Significant Milestone

Our breakthrough ML model FP Remover V2 slashes false positives by 80%, setting a new industry standard for secrets detection. Discover how we're helping security teams focus on real threats instead of chasing phantom alerts.

Guardians

25 Nov 2024 – 4 min read

Non-Human Identity

Non-Human Identity Security Strategy for Zero Trust Architecture

Explore NIST-backed guidance on securing Non-Human Identities, reducing risks, and aligning with zero trust principles in cloud-native infrastructures.

Dwayne McDaniel

22 Nov 2024 – 7 min read

Conferences

DevOpsDays Chattanooga 2024: Learning, Laughter, and Innovation

DevOpsDays Chattanooga 2024 delivered key insights on collaboration, security, and agile workflows with engaging talks, ignite sessions, and open discussions.

Dwayne McDaniel

18 Nov 2024 – 5 min read

Connecting, Collaborating, and Celebrating: Our Global Team Seminar in the South of France

Last September, GitGuardian brought together its 150 Guardians from around the world for a three-day seminar on the beautiful Giens Peninsula in the south of France.

Guardians

17 Nov 2024 – 3 min read

Conferences

Black Alps 2024: Highlights from Switzerland's Cybersecurity Ecosystem

Come for the cybersecurity insights, stay for the raclette! Black Alps 2024 packed in Swiss charm with technical talks, a hacker's raclette dinner, and conference-logo chocolates. A perfect mix of threats, treats, and networking.

Guillaume Valadon

13 Nov 2024 – 4 min read

Conferences

AI Summit Vancouver 2024: Exploring AI's Role, Risks, and Transformative Power

At AI Summit Vancouver, experts explored AI ethics, security practices, and balancing innovation with a responsibility to shape a safer AI-empowered future.

Dwayne McDaniel

8 Nov 2024 – 6 min read

Product News

Prevent Security Breaches in Self-Hosted Environments with GitGuardian's Custom Host for Validity Checks

Stop chasing false positives in your self-hosted instances. With GitGuardian's custom host for validity checks, security teams get real-time insights to prioritize active threats, reduce noise, and prevent costly breaches.

Ferdinand Boas

7 Nov 2024 – 5 min read

Best practices

Security Culture: The Best Tool Money Can’t Buy

Building positive relationships, sharing knowledge effectively, and making security "cool" are some of the most worthwhile security pursuits.

C. J. May

6 Nov 2024 – 6 min read

Conferences

Wild, Weird, and Secure: SecureWV 2024's Cryptid-Themed Conference

Discover how SecureWV 2024 combined local folklore with cutting-edge security insights, featuring talks on threat modeling, defense strategies, and team collaboration.

Dwayne McDaniel

4 Nov 2024 – 5 min read

The Secret to Your Artifactory: Inside The Attacker Kill-Chain

Gaetan Ferry

MOST POPULAR

GitHub Copilot Security and Privacy Concerns: Understanding the Risks and Best Practices

Dwayne McDaniel

How to Handle Secrets in Helm

Tiexin Guo

EDITOR’S PICK

Protecting the Backbone of Modern Development: Scanning Secrets in Container Registries

Ferdinand Boas

Identities Do Not Exist in a Vacuum: A View on Understanding Non-Human Identities Governance

Dwayne McDaniel

A Deep Dive into Celery Task Resilience, Beyond Basic Retries

Guardians

The Hidden Challenges of Automating Secrets Rotation: Why Automatic Credential Rotation Isn’t a One-Click Solution

Dwayne McDaniel

MLOps Done Right: GitGuardian's Battle-Tested Open-Source Stack

Guardians

The Quest to Minimize False Positives Reaches Another Significant Milestone

Guardians

Non-Human Identity Security Strategy for Zero Trust Architecture

Dwayne McDaniel

DevOpsDays Chattanooga 2024: Learning, Laughter, and Innovation

Dwayne McDaniel

Connecting, Collaborating, and Celebrating: Our Global Team Seminar in the South of France

Guardians

Black Alps 2024: Highlights from Switzerland's Cybersecurity Ecosystem

Guillaume Valadon

AI Summit Vancouver 2024: Exploring AI's Role, Risks, and Transformative Power

Dwayne McDaniel

Prevent Security Breaches in Self-Hosted Environments with GitGuardian's Custom Host for Validity Checks

Ferdinand Boas

Security Culture: The Best Tool Money Can’t Buy

C. J. May

Wild, Weird, and Secure: SecureWV 2024's Cryptid-Themed Conference

Dwayne McDaniel

Start your journey to secrets-free source code