DevSecOps
OIDC for Developers: Reasons Your Auth Integration Could Be Broken
Why outsourcing auth doesn't mean outsourcing risk.
MOST POPULAR
all tags
other
How We Built a Supply Chain Security Watchtower: Meet SaaS-Sentinel
SaaS-Sentinel is a free monitoring platform that notifies users when their favorite tool might be under attack, helping them stay on top of supply chain risks. Here is the full story of this innovative project that seeks to democratize the use of honeytokens. Join the adventure today!
How to Handle Secrets in Kubernetes
This blog post covers creating, storing, and using secrets in Kubernetes, encryption, RBAC, and auditing. It introduces Kubernetes External Secrets and best practices to enhance security. Let's dive in!
The Secret Vulnerability Finance Execs are Missing
Discover the overlooked vulnerability lurking in every corner of the finance industry. Hardcoded credentials in source code are an easy target for hackers, yet so common they're rarely discussed. Learn what companies can do to protect themselves against costly breaches.
Supply Chain Security: Secrets and Modern Security Frameworks (Part III)
In this final part, we'll discuss more software supply chain security frameworks and the critical role of secrets detection in them. We'll explore the NIST SSDF, SLSA, and OSC&R frameworks and how they cover the topic of secrets in software supply chain security.
DevOps Midwest - A community event full of DevSecOps best practices.
DevOps Midwest 2023 brought together experts in scale, availability, and security best practices. Read some of the highlights from this DevSecOps-focused event.
Why ChatGPT is a security concern for your organization (even if you don't use it)
ChatGPT may not be used by all organizations and may even be banned. But that doesn't mean you don't have exposure to the security risks it contains. This post looks at why ChatGPT should be part of your threat landscape.
![Best Practices for Scanning and Securing Infrastructure as Code (IaC)[cheat sheet included]](/content/images/size/w600/2023/04/23W15-blog-GitGuardian-IAC-Cheatsheet.png)
Best Practices for Scanning and Securing Infrastructure as Code (IaC)[cheat sheet included]
Discover the best practices and tools to scan and secure your infrastructure as code (IaC) throughout the DevOps software development lifecycle. From threat modeling to monitoring, this comprehensive guide offers valuable insights to improve the security, reliability, and consistency of your IaC.
![GitHub Actions Security Best Practices [cheat sheet included]](/content/images/size/w600/2022/05/22W18-blog-GitHubActionsSecurityCheatSheet.png)
GitHub Actions Security Best Practices [cheat sheet included]
Learn how to secure your GitHub Actions with these best practices! From controlling credentials to using specific action version tags, this cheat sheet will help you protect against supply-chain attacks. Don't let a malicious actor inject code into your repository - read now!
Launching GitGuardian Honeytoken: your powerful ally in detecting supply chain breaches!
What if you could detect intrusions and code leaks in your software supply chain? Introducing GitGuardian Honeytoken, the solution that protects your software supply chain against potential intrusions on SCM systems, CI/CD pipelines, software artifact registries, and more.
Innovating at the Intersection of Ops and Product
This month we had the pleasure of chatting with Dhia, ProductOps manager and data analyst.
9 Extraordinary Terraform Best Practices That Will Rock Your Infrastructure
Master Terraform in the cloud: play with the console, know your infrastructure, avoid mistakes, separate infrastructure from configuration, make code declarative, and understand vendor lock-in.
GitGuardian Secrets Detectors Q1 2023 Wrap-Up
GitGuardian's Q1 wrap-up highlights our progress in detecting secrets, introducing new secret detectors, and committing to code security. With six new detectors released in Q1, GitGuardian remains the go-to solution for developers looking to write more secure code.
