Secrets Management
HMAC Secrets Explained: Authentication You Can Actually Implement
A developer-first guide to implementing HMAC signatures correctly.
MOST POPULAR
all tags
other
Red Team Chronicles Episode 4 - No Hidden Information
In this episode, you’ll discover a perfect illustration of the security knowledge gap existing between organizations. Offensive security expert Philippe Caturegli comes across a way too common belief: “nobody will find my scripts or my data because they are very carefully hidden”.
Introducing Presence Checks in GitGuardian for Internal Repositories Monitoring
Today, we’re introducing Presence Checks in GitGuardian for Internal Repositories Monitoring. For each incident in the dashboard, users will now be able to verify if the leaked secret is still present or if it was completely removed from the git history.
Improving the Nation’s Cybersecurity — What is 'Critical Software' and how should it be secured? (part 1)
The National Institute of Standards and Technology (NIST) under Executive Order (EO) 14028 has launched an initiative to improve the United States Cybersecurity on May 12th, 2021.
Security Chats - Danny from a Healthcare Tech Company
Danny and his team have been using both GitGuardian Internal Monitoring and GitGuardian Public Monitoring as a safety net. IT Central Station has interviewed him and wrote an objective and detailed review.
Hunting for secrets in Docker Hub: what we’ve found
In this article, we will explain why Docker images can contain sensitive information and give some examples of the type of secrets we found in public Docker images. Finally, we will compare our results to the ones we have with source code scanning.
Supply chain attacks and ransomware groups, the focus of Black Hat 2021 (conference recap)
One of the biggest security events of the year, Black Hat finished. This article looks at the key takeaways from Black Hat, the massive increase in Supply chain and ransomware attacks and what experts say can be the solution.
Shift your CI to GitHub Actions
Learn how to build a modern CI pipeline using GitHub Actions to achieve testing, building, and pushing Docker images. Harden your pipeline by scanning for leaked secrets and credentials with the help of GitGuardian's gg-shield action.
GitGuardian Now Available on the GitHub Marketplace (and already the #1 ranking app in the Security Category)
Today, we're excited to launch GitGuardian on the GitHub Marketplace. With this integration, more developers will find it easier to connect GitGuardian to their GitHub accounts and monitor their repositories for hardcoded credentials.
NIST's recommendations for secure DevSecOps
Get a taste of NIST's upcoming value propositions and steps to help companies produce secure software by our cybersecurity specialist Shimon Brathwaite.
Leading R&D in a tech company
Henri shared with us how, coming from a statistical background, he decided to join GitGuardian to build the best secrets detection engine.
Credential Access - Breaking down the MITRE ATT&CK framework
This article discusses the 15 credential access techniques as outlined in the MITRE ATT&CK framework and provides examples of how attackers have used these techniques as well as preventative measures that can be put in place.
How Adding Security into DevOps Accelerates the SDLC (Pt. 2)
Second part of our guided tour through the SDLC, focusing on the fundamental technology enabling DevOps: the CI pipeline. We will also touch on deployment orchestration, maintenance and incident response.
