Following a breach by the Lapsus$ cyber gang, Jason Haddix, then CISO of UbiSoft called over 40 other CISOs to discuss strategies on how to be more resilient to attacks. Those conversations led him to create a 4 step guide to building a comprehensive secrets management program.
DevOps engineers must handle secrets with care. In this series, we summarize best practices for leveraging secrets with your everyday tools.
This blog post covers creating, storing, and using secrets in Kubernetes, encryption, RBAC, and auditing. It introduces Kubernetes External Secrets and best practices to enhance security. Let's dive in!
In this blog post, we'll cover some best practices for managing AWS secrets when using the AWS SDK in Python.
DevOps engineers must handle secrets with care. In this series, we summarize best practices for leveraging secrets with your everyday tools.
![Best Practices for Managing and Storing Secrets Including API Keys and Other Credentials [cheat sheet included]](/content/images/size/w600/2020/06/20W22-BLOG-Banner-BestPractices-Final@2x.png)
We have compiled a list of some of the best practices to prevent API key leakage and keep secrets and credentials safe. Secrets management doesn’t have a one-size-fits-all approach, so this list considers multiple perspectives so you can be informed in deciding to or not to implement strategies.
Protect your business, bounce back from disasters: learn the best practices for a reliable GitHub Restore and Disaster Recovery strategy that ensures business continuity.
Misleading attackers to trigger alarms can stop them in their tracks and keep damage to a minimum. Honeytokens, like the ones you can make with GitGuardian Honeytoken, let you easily set such traps.
DevOps engineers must handle secrets with care. In this series, we summarize best practices for leveraging secrets with your everyday tools.
DevOps engineers must handle secrets with care. In this series, we summarize best practices for leveraging secrets with your everyday tools.
Developer security practices are about adding security at each software development stage. Here’s a list of top developer security practices to follow.
After CircleCI breach, it is a good moment for any team relying on CI/CD infrastructure to review their pipeline security as there are some steps they can take to be proactive.
If you have discovered that you have just exposed a sensitive file or secrets to a public git repository, there are some very important steps to follow.
In such a fast-developing world, it becomes more and more important to make sure the source code and its metadata are backed up in case of an emergency. Learn everything you need to know about how to backup a GitHub repository.
We're happy to present you our Secrets Management Maturity Model, a model to help your organization make sense of its actual posture and how to improve it.
Are you looking for ways to manage your developer team better? GitHub Orgs is a great way to keep track of repositories, branches, and collaborators all in one place. In this article, we'll share some best practices for managing developer teams in GitHub Orgs.
DevSecOps expert and GitHub Star Sonya Moisset shared with us her tips to improve your open-source repository's security in a few simple steps.
Mark Bichon from Bearer, the SAST solution for mapping sensitive data flows, shares some essential tips to create security policies that don't feel like a development slowdown.
This article describes the approach followed by one of GitGuardian's enterprise customers to implement a secrets detection program and stop poor secrets management practices at the source.
Identity and access management is a pillar of security. With the advent of the cloud, it got a lot more complicated. Here is a recap of the best practices to put in place to secure AWS IAM.
In this post, we are going to break down the SDLC and look at how we can add security at each stage with helpful resources.
This article aims to provide application security teams with a guide to effectively prioritize, investigate and remediate hardcoded secrets incidents at scale.
This "best practices" article aims to tell you something you haven't read a hundred times. This article won't give you the answer to everything because there isn't one right answer that fits all. It aims to make you think about your unique situation and make the best decisions in accordance.
This tutorial will guide you through the setup of a GitHub Action generating a Seccomp filter for your application, a cutting-edge security feature for hardening containerized workloads.
Security should be something that companies implement into the software development lifecycle as early as possible. It should be a consideration at every step of development, from design and through to deployment and every incremental change made thereafter.
GitGuardian is the code security platform for
the DevOps generation.
With automated secrets detection and
remediation, our platform enables Dev, Sec, and Ops to advance together
towards the Secure Software Development Lifecycle.
Subscribe to our newsletter to receive the latest content and updates from GitGuardian.
