Security Zines' Rohit Sehgal is back with a top illustration explaining how ggshield, the GitGuardian CLI, helps protect the software development lifecycle.

ggshield is a CLI application that runs in your local environment or in a CI environment to help you detect more than 350 types of secrets, as well as other potential security vulnerabilities or policy breaks.

Let's see:  

1. The software development lifecycle (SDLC)
2. Embedding security at each stage of the SDLC -> Secure SDLC
3. What is ggshield?
4. How to install ggshield?
5. Where is ggshield used in the SDLC?

If you enjoyed the zine, spread the word and share it around!

🙌
Security Zines is a project led by Rohit Sehgal, Staff Security Engineer. Check out his work at securityzines.com/#comics and give him a follow on Twitter @sec_r0 to see what he comes up with next!

Start now! Install ggshield pre-commit hook...

Creating a pre-commit hook to detect secrets with GGShield in less than 2 minutes
A mini-tutorial to show how you can create a pre-commit git hook to detect secrets using the pre-commit framework and GGshield. GgShield is a free open-sourc...
YouTube

Or read the step-by-step tutorial here: Setting up a pre-commit git hook with GitGuardian Shield

... or run ggshield in your CI pipelines.

with GitHub Actions

Shift Your CI to GitHub Actions
Learn how to build a modern CI pipeline using GitHub Actions to achieve testing, building, and pushing Docker images.Harden your pipeline by scanning for leaked secrets and credentials with the help of GitGuardian’s gg-shield action.
GitGuardian Blog - Automated Secrets DetectionGuest Expert

or with Jenkins

Tutorial: How To Setup Jenkins with GitGuardian in Kubernetes
In this tutorial, we will show how to integrate GitGuardian Shield to run on one of the most famous CI tools: Jenkins (with a cool bonus!).
GitGuardian Blog - Automated Secrets DetectionGuest Expert

Not using any of these? Check the ggshield repository which has extensive documentation covering most of the integration use-cases (GitLab,  GitHub, BitBucket, Circle CI, Travis CI, Jenkins, Drone, and more)

Want to learn more about secure software development?

Get a full tour of the SSDLC with these resources:

Securing your SDLC (Software Development Life Cycle)
In this post, we are going to break down the SDLC and look at how we can add security at each stage with helpful resources.
GitGuardian Blog - Automated Secrets DetectionMackenzie Jackson
DevSecOps Introduction for beginners: Security in the SDLC - GitGuardian Blog
This article introduces DevSecOps, making security part of the entire software development process. It outlines why having a DevSecops approach not only makes the software more secure but also why it can speed up the development process.
GitGuardian Blog - Automated Secrets DetectionGuest Expert
Devops Security & SDLC: Adding Security into DevOps Accelerates the SDLC
Part one of a deep dive into SDLC and how it evolved to become what we call DevOps. Let’s find out how adding security actually accelerates it.
GitGuardian Blog - Automated Secrets DetectionGuest Expert
Devops Security & SDLC: Adding Security into DevOps Accelerates the SDLC
Second part of our guided tour through the SDLC, focusing on the fundamental technology enabling DevOps: the CI pipeline. We will also touch on deployment orchestration, maintenance and incident response.
GitGuardian Blog - Automated Secrets DetectionGuest Expert