Three supply chain attacks hit npm, PyPI, and Docker Hub between April 21–23, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD pipelines.
Discover how Vermeer Corporation transformed its software development lifecycle to prioritize security. Learn about their journey from open-source tools to adopting GitGuardian for seamless, integrated secret scanning, enhancing DevSecOps with a 'Secure by Default' approach.
GitGuardian can now help you check if your (already) hardcoded secrets have not also leaked publicly in code, issues and gists of projects located outside your GitHub organizations.
Security Researcher Tom Forbes worked with the GitGuardian team to analyze all the code committed to PyPi packages and surfaced thousands of hardcoded credentials.
![What to do if you expose a secret: How to stay calm and respond to an incident [cheat sheet included]](https://storage.ghost.io/c/42/5d/425d266f-cf99-406e-9436-597a19bed011/content/images/size/w600/2023/11/Remediation-post.png)
Learn how to respond to a secret leak incident effectively. Follow our step-by-step guide to understand the impact, rotate secrets safely, and prevent future leaks.
Sumo Logic reported a security breach on November 3, 2023, due to a compromised credential that allowed unauthorized AWS account access.
A condensed recap of our hands-on runtime security webinar from September. Get the juiciest knowledge nuggets and pointers to more.
API World 2023 was all about sharing insights on best practices, accounting for all your assets, and the importance of AI and API cybersecurity in an API-driven world.
Discover insights from Gartner's Security and Risk Management 2023 Summit in London. Learn how CNAPP enhances protection in a complex cloud environment.
Learn how to enhance secrets manager security with GitGuardian Honeytoken. Strengthen your system's security and protect your critical assets effectively.
Dive into BSides Atlanta 2023, the largest free security event in the South! Explore insights from top security professionals on Web3.0, cloud vulnerabilities, and more.
Today, we’re unveiling HasMySecretLeaked, a free toolset to help security and DevOps engineers verify if their organization’s secrets have leaked on GitHub.com.
We can’t see your secrets, but we can tell you if they’ve leaked on GitHub. Here’s how we do it.
GitGuardian is the code security platform for
the DevOps generation.
With automated secrets detection and
remediation, our platform enables Dev, Sec, and Ops to advance together
towards the Secure Software Development Lifecycle.
Subscribe to our newsletter to receive the latest content and updates from GitGuardian.
