
The State of Secrets Sprawl 2025
GitGuardian's 2025 report reveals 70% of leaked secrets remain active two years later. Discover the alarming state of secrets sprawl & protect your organization.
In episode 2 of the Red Team Chronicles, we talk with Philippe about the one size fits all security claims some vendors make and how hackers use this to get into systems undetected.
Codecov recently had a significant breach as attackers were able to put a backdoor into Codecov to get access to customers' sensitive data. This article reviews exactly what happened, how attackers gained access, how they used sensitive information and of course, what to do if you were affected.
The Red Team Chronicles follows pentester and entrepreneur Philippe as we look into his hacking playbook. In episode one, we look at how Philippe started his journey to become a pentester.
Mirantis helps organizations ship code faster on public and private clouds. Director of IT Yury Koldobanov at Mirantis explains how GitGuardian helps them keep their code secure.
This article discusses the 9 initial access techniques as outlined in the MITRE ATT&CK framework and provides examples of how attackers have used these techniques as well as preventative measures that can be put in place.
Samuel is a backend engineer working on expanding PII detection within GitGuardian's secrets team. Samuel studied software engineering at EISTI in Paris specializing in cybersecurity and shared with us the journey he took to work at GitGuardian.
Vault and KMS share some similarities (for example, both support encryption), but in general KMS is more on the app data encryption / infra encryption side, and Vault is more on the secrets management / identity-based access side.
Modern-day bank heists illustrate high-level concepts around security and promote a change in how we think about security, build defense systems and react to active threats.
Presentation of the talk at the RSA conference by Johannes Ullrich and Jason Lam: Attack & Defend: Protecting Modern Distributed Applications and Components.
GitGuardian's “Dev in the loop” is another step towards bringing this into reality with a practical feature that improves the workflow of remediating a secret incident between developers and security teams.
This article introduces DevSecOps, making security part of the entire software development process. It outlines why having a DevSecOps approach not only makes the software more secure but also why it can speed up the development process.
With the expansion of the DevOps and DevSecOps models, the concept of “shift left” in the context of the development lifecycle has become quite popular. This article looks at practical ways organizations implement a Shift Left approach to development.