The Secrets Sprawl is Worse Than You Think: Key Takeaways from the 2025 Verizon DBIR

Discover 10 critical insights from the 2025 Verizon DBIR on secrets leaks, NHI risks, and credential abuse threats affecting today’s cloud-first orgs.

EDITOR’S PICK

The State of Secrets Sprawl 2025

Dwayne McDaniel

10 Mar 2025 – 4 min read

all tags

Product News

Elevating your secrets security hygiene: H1 roundup of our product innovations

Discover how GitGuardian's latest product innovations enhance your secrets security, streamline remediation, and improve incident management for better protection of your software supply chain.

Drupal GovCon 2024: Securing The Government's Open-Source Web Applications

Read our key takeaways from Drupal GovCon 2024, where Drupal experts explored secure open-source solutions for U.S. government websites and collaborative tools.

Dwayne McDaniel

27 Aug 2024 – 6 min read

Non-Human Identity

Getting Started With SPIFFE for Multi-Cloud Secure Workload Authentication

SPIFFE stands for Secure Production Identity Framework for Everyone, and aims to replace single-factor access credentials with a highly scalable identity solution. This blog post provides some practical applications of SPIFFE in real-world environments.

Guest Expert

26 Aug 2024 – 4 min read

Conferences

DEF CON 32: What We Learned About Secrets Security at AppSec Village

At DEF CON 32's AppSec Village, we explored secrets security challenges, answered common questions, and shared how to detect and handle hidden credentials effectively.

Dwayne McDaniel

22 Aug 2024 – 8 min read

Best practices

From False Positives to Potential Breaches: The Risks of Prematurely Closing Incidents

Ignoring low-risk secrets in GitGuardian? This could be a costly mistake. Learn how to avoid the hidden dangers of prematurely closing incidents.

Ferdinand Boas

20 Aug 2024 – 6 min read

Supply Chain Security

Dependency Confusion Attacks and Prevention: Register Your Private Package Names

Dependency confusion attacks exploit gaps in your software supply chain. Dive into modern dependency management and learn how to defend your systems with best practices.

Guest Expert

15 Aug 2024 – 4 min read

Conferences

Hot Takes and Cool Strategies: BSides Las Vegas 2024

Experience the heat of innovation at BSides Las Vegas 2024, where cybersecurity experts tackle AI security, passwordless solutions, and zero-downtime credential rotation.

Dwayne McDaniel

13 Aug 2024 – 6 min read

Breach explained

The Secrets of the New York Times Source Code Breach

The New York Times had their entire codebase leaked. In this article we explore what was inside that code, how the leak happened and what the risk for the New York Times going forward is. (Spoiler we found thousands of secrets).

Mackenzie Jackson

2 Aug 2024 – 7 min read

Security Research

Demystifying GitHub Private Forks - The Hidden Danger of Cached View

Some explanations about the hidden danger of GitHub features that allow anyone to access commits you thought had been deleted.

Guillaume Valadon

1 Aug 2024 – 2 min read

DevSecOps

Always Be Updating: Why Regular Patching Is Non-Negotiable in DevSecOps

DevSecOps Engineer Gene Gotimer explains why constant software dependency updates are crucial for security in DevSecOps practices.

Guest Expert

31 Jul 2024 – 7 min read

Conferences

Agile2024: Making Sure Security Is Part Of Our Processes

What does Agile have to do with improving security? A lot! Explore highlights from Agile2024, including technical health, productive meetings, and addressing shadow IT.

Dwayne McDaniel

30 Jul 2024 – 7 min read

DevSecOps

Making Sense of Open-Source Vulnerability Databases: NVD, OSV, and more

Essential reading for developers and security professionals alike: a comprehensive comparison of vulnerability databases to help you cut through the noise.

Guest Expert

26 Jul 2024 – 8 min read

The Secrets Sprawl is Worse Than You Think: Key Takeaways from the 2025 Verizon DBIR

Dwayne McDaniel

MOST POPULAR

GitHub Copilot Security and Privacy Concerns: Understanding the Risks and Best Practices

Dwayne McDaniel

Authentication and Authorization Best Practices

Tiexin Guo

EDITOR’S PICK

The State of Secrets Sprawl 2025

Soujanya Ain

GitGuardian Is Now The Overall Most Installed GitHub Marketplace App

Dwayne McDaniel

Elevating your secrets security hygiene: H1 roundup of our product innovations

Soujanya Ain

Drupal GovCon 2024: Securing The Government's Open-Source Web Applications

Dwayne McDaniel

Getting Started With SPIFFE for Multi-Cloud Secure Workload Authentication

Guest Expert

DEF CON 32: What We Learned About Secrets Security at AppSec Village

Dwayne McDaniel

From False Positives to Potential Breaches: The Risks of Prematurely Closing Incidents

Ferdinand Boas

Dependency Confusion Attacks and Prevention: Register Your Private Package Names

Guest Expert

Hot Takes and Cool Strategies: BSides Las Vegas 2024

Dwayne McDaniel

The Secrets of the New York Times Source Code Breach

Mackenzie Jackson

Demystifying GitHub Private Forks - The Hidden Danger of Cached View

Guillaume Valadon

Always Be Updating: Why Regular Patching Is Non-Negotiable in DevSecOps

Guest Expert

Agile2024: Making Sure Security Is Part Of Our Processes

Dwayne McDaniel

Making Sense of Open-Source Vulnerability Databases: NVD, OSV, and more

Guest Expert

Start your journey to secrets-free source code