Secrets Management
HMAC Secrets Explained: Authentication You Can Actually Implement
A developer-first guide to implementing HMAC signatures correctly.
MOST POPULAR
all tags
other
Yves Mimeran Joins GitGuardian to Grow the Company’s Channel Partner Program
Yves joins GitGuardian as an accomplished channel sales leader with 20 years of experience in Senior Channel leadership positions with SecurityScorecard, EclecticIQ, Balabit.
Best practices for managing developer teams in GitHub Orgs
Are you looking for ways to manage your developer team better? GitHub Orgs is a great way to keep track of repositories, branches, and collaborators all in one place. In this article, we'll share some best practices for managing developer teams in GitHub Orgs.
SecureWV 2022 Lucky Th1rt3en: Malware, ransomware, and maturity models
SecureWV 2022 was the largest gathering of security professionals in the Mountain State ever. Read the highlights, including an in-depth look at ransomware and malware organizations.
It Takes a Team to Solve Hardcoded Secrets
We’re introducing a new Role-based Access Management (RBAC) system with “Teams” in your GitGuardian Internal Monitoring workspace. Bring Dev, Sec, and Ops together and fix hardcoded credentials faster than you ever thought possible!
A Brief Introduction to SBOM - Software Bill of Materials - and How to Use it with CI
Learn more about what is a Software Bills Of Materials, why use it, what are the standards and how to automate it with Continuous Integration.
Thinking Like a Hacker: Stealing Secrets with a Malicious GitHub Action
How can an attacker exploit leaked credentials? In this new series, we try to answer this question by imagining plausible attack scenarios. Fourth case: secrets are stolen with a malicious GitHub action.
Toyota Suffered a Data Breach by Accidentally Exposing A Secret Key Publicly On GitHub
On October 7th, Toyota revealed a partial copy of their T-Connect source code had been accidentally exposed for 5 years, including access to data for over 290,000 customers.
Laying the Foundations for Growth
This month we had the pleasure to chat with Alexandre, Business Analyst in the Operations team.
DevOpsDays Chicago 2022 - Cloud security, hacking containers, community, and much more...
DevOpsDays Chicago returned as an in-person event in 2022. Read the highlights of this amazing DevOps event, including how many conversations revolved around security and containers.
Poisoning the source – How and why attackers are targeting developer accounts
This year at DEFCON and Black Hat—the world's largest security and hacking conferences—many talks focused on how attackers target developers' accounts. Here are the key points.
Thinking Like a Hacker: Commanding a Bot Army of Compromised Twitter Accounts
How can an attacker exploit leaked credentials? In this new series, we try to answer this question by imagining plausible attack scenarios. Third case: Twitter API keys are used to pump an altcoin.
Uber Breach 2022 – Everything You Need to Know
On Thursday, September 15th, Uber confirmed reports of an organization-wide cybersecurity breach. This is an evolving situation, but we will bring you here the latest information and commentary as we get it.
