Secrets detection
The State of Secrets Sprawl 2025
GitGuardian's 2025 report reveals 70% of leaked secrets remain active two years later. Discover the alarming state of secrets sprawl & protect your organization.
MOST POPULAR
all tags
other
Hunting for secrets in Docker Hub: what we’ve found
In this article, we will explain why Docker images can contain sensitive information and give some examples of the type of secrets we found in public Docker images. Finally, we will compare our results to the ones we have with source code scanning.
Supply chain attacks and ransomware groups, the focus of Black Hat 2021 (conference recap)
One of the biggest security events of the year, Black Hat finished. This article looks at the key takeaways from Black Hat, the massive increase in Supply chain and ransomware attacks and what experts say can be the solution.
Shift your CI to GitHub Actions
Learn how to build a modern CI pipeline using GitHub Actions to achieve testing, building, and pushing Docker images. Harden your pipeline by scanning for leaked secrets and credentials with the help of GitGuardian's gg-shield action.
GitGuardian Now Available on the GitHub Marketplace (and already the #1 ranking app in the Security Category)
Today, we're excited to launch GitGuardian on the GitHub Marketplace. With this integration, more developers will find it easier to connect GitGuardian to their GitHub accounts and monitor their repositories for hardcoded credentials.
NIST's recommendations for secure DevSecOps
Get a taste of NIST's upcoming value propositions and steps to help companies produce secure software by our cybersecurity specialist Shimon Brathwaite.
Leading R&D in a tech company
Henri shared with us how, coming from a statistical background, he decided to join GitGuardian to build the best secrets detection engine.
Credential Access - Breaking down the MITRE ATT&CK framework
This article discusses the 15 credential access techniques as outlined in the MITRE ATT&CK framework and provides examples of how attackers have used these techniques as well as preventative measures that can be put in place.
How Adding Security into DevOps Accelerates the SDLC (Pt. 2)
Second part of our guided tour through the SDLC, focusing on the fundamental technology enabling DevOps: the CI pipeline. We will also touch on deployment orchestration, maintenance and incident response.
Red Team Chronicles Episode 3 - The illusion of the fortress
Building a fortress is a strategy from the past. Mobility, remote working, cloud and SaaS have made the delineation between internal and external networks almost impossible. This episode reviews how attackers use fortress against organizations.
How Adding Security into DevOps Accelerates the SDLC (Pt. 1)
Part one of a deep dive into SDLC and how it evolved to become what we call DevOps. Let's find out how adding security actually accelerates it.
Setting up a pre-commit git hook with ggshield, the GitGuardian CLI.
In this tutorial we are going to run through how to create a pre-commit git hook using GitGuardian Shield to detect secrets before they enter your repository.
Security in Infrastructure as Code with Terraform — Everything You Need to Know
With DevOps, we try to manage our infrastructure using pure code. Since all our infrastructure is managed by code, the security of the code that actually manages the infrastructure is crucial. This article looks at how we can keep our infrastructure as code secure.
