How to Handle Secrets in Python
DevOps engineers must handle secrets with care. In this series, we summarize best practices for leveraging secrets with your everyday tools.
Top 10 Practices for Secure Software Development
Developer security practices are about adding security at each software development stage. Here’s a list of top developer security practices to follow.
How To Secure Your CI/CD Pipeline
After CircleCI breach, it is a good moment for any team relying on CI/CD infrastructure to review their pipeline security as there are some steps they can take to be proactive.
The Ultimate Guide to GitHub Backups
In such a fast-developing world, it becomes more and more important to make sure the source code and its metadata are backed up in case of an emergency. Learn everything you need to know about how to backup a GitHub repository.
When it Comes to Secrets, How Mature is Your Organization?
We're happy to present you our Secrets Management Maturity Model, a model to help your organization make sense of its actual posture and how to improve it.
Best practices for managing developer teams in GitHub Orgs
Are you looking for ways to manage your developer team better? GitHub Orgs is a great way to keep track of repositories, branches, and collaborators all in one place. In this article, we'll share some best practices for managing developer teams in GitHub Orgs.
GitHub Security 101: Best Practices for Securing your Repository
DevSecOps expert and GitHub Star Sonya Moisset shared with us her tips to improve your open-source repository's security in a few simple steps.
How to make security policies a team effort
Mark Bichon from Bearer, the SAST solution for mapping sensitive data flows, shares some essential tips to create security policies that don't feel like a development slowdown.
Implementing a Secrets Detection Program for the Enterprise – a case study
This article describes the approach followed by one of GitGuardian's enterprise customers to implement a secrets detection program and stop poor secrets management practices at the source.
AWS IAM Security Best Practices
Identity and access management is a pillar of security. With the advent of the cloud, it got a lot more complicated. Here is a recap of the best practices to put in place to secure AWS IAM.
Securing your SDLC (Software Development Life Cycle)
In this post, we are going to break down the SDLC and look at how we can add security at each stage with helpful resources.
Investigating, prioritizing, and remediating thousands of hardcoded secrets incidents
This article aims to provide application security teams with a guide to effectively prioritize, investigate and remediate hardcoded secrets incidents at scale.
9 Extraordinary Terraform Best Practices That Will Rock Your Infrastructure
This "best practices" article aims to tell you something you haven't read a hundred times. This article won't give you the answer to everything because there isn't one right answer that fits all. It aims to make you think about your unique situation and make the best decisions in accordance.
Securing Containers with Seccomp: Part 2
This tutorial will guide you through the setup of a GitHub Action generating a Seccomp filter for your application, a cutting-edge security feature for hardening containerized workloads.
Mackenzie Jackson, GitGuardian: “code security needs to be a layered approach”
Security should be something that companies implement into the software development lifecycle as early as possible. It should be a consideration at every step of development, from design and through to deployment and every incremental change made thereafter.
Data Breach: a 5 Steps Response Plan
A data breach is one of the worst scenarios in today’s enterprise security. What’s your plan to remediate this kind of situation, minimize the impact, and ensure business continuity? Although there is no such thing as a one-size-fits-all tactic, the following steps are crucial to a positive outcome.
CI Pipelines: 5 Risks to Assess
More and more parts of the software development process can occur without human intervention. However, this is not without its drawbacks. To keep your code and secrets safe, you should add the following security practices to your CI pipeline.
10 Rules for Better Cloud Security
Cloud security is a shared responsibility and a big challenge. Here are the basic rules to have in mind to set up efficient guardrails.
Supply Chain Attacks: 6 Steps to protect your software supply chain
This article looks at software supply chain attacks, exactly what they are and 6 steps you can follow to protect your software supply chain and limit the impact of a supply chain attack.
Improving the Nation's Cybersecurity — Minimum Testing Standards for Software Vendors (part 2)
Continuing our coverage of the Executive Order on Cybersecurity, let's figure out what are the minimum testing standards for software vendors as depicted by the NIST.
Hardening Your Kubernetes Cluster - Guidelines (Pt. 2)
In this second episode, we will go through the NSA/CISA security recommendations and explain every piece of the guidelines.
Hardening Your Kubernetes Cluster - Threat Model (Pt. 1)
The NSA and CISA recently released a guide on Kubernetes hardening. We'll cover this guide in a three part series. First, let's explore the Threat Model and how it maps to K8s components.
Improving the Nation’s Cybersecurity — What is 'Critical Software' and how should it be secured? (part 1)
The National Institute of Standards and Technology (NIST) under Executive Order (EO) 14028 has launched an initiative to improve the United States Cybersecurity on May 12th, 2021.
Security in Infrastructure as Code with Terraform — Everything You Need to Know
With DevOps, we try to manage our infrastructure using pure code. Since all our infrastructure is managed by code, the security of the code that actually manages the infrastructure is crucial. This article looks at how we can keep our infrastructure as code secure.
Data Security — an Introduction to AWS KMS and HashiCorp Vault
While Vault and KMS share some similarities, for example, they both support encryption, but in general, KMS is more on the app data encryption / infra encryption side, and Vault is more on the secrets management / identity-based access side.
