Non-Human Identity
SRE Playbook: A Guide to Discover and Catalog Non-Human Identities (NHI)
Let's take a closer look at the fragmented NHI inventory from a site reliability engineer's perspective.
MOST POPULAR
all tags
other
Building internal secrets detection solutions: a case study about how SAP scans git repos for secrets
This article looks at how SAP built an internal secrets scanning solution to detect API keys and other credentials hardcoded in git repos and revoke them.
Why secrets in git are such a problem - Secrets in source code (episode 2/3)
Despite secrets like API keys, OAuth tokens, certificates and passwords being extremely sensitive, it is common for these to leak into git repositories through source code. This article looks at why this is true and how we can prevent it.
Mitigate Growing Application Security Risks with Automated Secrets Detection
Credential theft is already a well-known adversary technique but the risk expands much wider when introducing secrets such as API keys. This article looks at automated secrets detection, the challenges, and potential solutions.
Secret sprawl and the attack surface - Secrets in source code (episode 1/3)
The first in a series of articles that will take a deep dive into secrets within source code: In this article, we will look at the concept of secret sprawl, the unwanted distribution of secrets through multiple systems, and how we can prevent it.
DevSecOps Glossary
A helpful glossary of common terms and definitions used in DevSecOps explained with amusing comics.
How to scan local files for secrets in python using the GitGuardian API
How to scan local files for secrets like API keys and security certificates in python using the GitGuardian API.
GitHub security: what does it take to protect your company from credentials leaking on GitHub?
An in depth guide intended for CISOs, application security and other security professionals who want to protect their organizations from credentials leaked on GitHub.
8 free security tools every developer should know and use to Shift Left
A list of 8 free must use security tools every developer should know about to help them secure their code and Shift Left.
Assessing model performance in secrets detection: accuracy, precision & recall explained
Why precision and recall are such important metrics to consider when evaluating the performance of classification algorithms such as secrets detection.
Git hooks - pre-commit, post-commit, post-receive
Git hooks are extremely useful to secure the development practice. In this blog post, I will take the example of detecting secrets in source code to illustrate how you can make the most out of git hooks.
8 steps to keep remote development teams secure
There is no doubt that the world's workforce is becoming more remote, particularly in tech as developers can now work from any location in the world. But there are a large number of new obstacles that come with this. The most pressing is security.
Product launch: automated secrets detection for your internal repositories, now widely available!
February 2020: despite being widely considered to be a very bad practice, secrets stored in internal Version Control Systems is the current state of the world. But why is that?
