Securing your CI/CD: an OIDC Tutorial
The article highlights the significance of securing CI/CD systems and offers three best practices. It introduces OpenID Connect (OIDC) as a means to employ short-lived tokens for improved security.
Why you should look beyond source code for exposed secrets
Learn more about the various sources of exposed secrets beyond source code repositories. From CI/CD systems to container images, runtime environments to project management tools, uncover the risks associated with storing secrets in these sources.
Protect Your Keys - Lessons from the Azure Key Breach
Learn how to better protect your organization from attacks by looking at how attackers compromised a Microsoft signing key. Secure your keys and actively monitor code and logs.
How to Secure Your Productivity Tools with GitGuardian Honeytoken
GitGuardian Honeytokens are potent tools in the cybersecurity toolkit, notifying you of any unauthorized activities in code repos, Jira, Slack, Linear, and more.
How to Secure Your IaC and Configuration Management Tools with GitGuardian’s Honeytoken
It is important to secure environments with intelligent solutions. GitGuardian Honeytoken can help protect your IaC and Config Management tools.
Code Security: Manual Code Reviews Ain't Enough
Manual code reviews provide a lot of value but are slow, error-prone, and don't scale. Automated testing can take a lot of pressure off review teams.
The Art of Protecting Secrets: Eight Essential Concepts for SecOps Practitioners
Secrets management is an art, and mastering it requires a deep understanding of security protocols, meticulous attention to detail, and a proactive approach to staying ahead of threats. In this blog, we present you with eight essential concepts to enhance your credential management strategy.
External Attack Surface Management. What are you missing out on?
Discover the importance of including public GitHub monitoring in your external attack surface management strategy to mitigate the risk of sensitive information exposure. Learn the steps to protect your organization from potential breaches in this blog post.
Lessons from Lapsus - CISO on Building a comprehensive secrets management program
Following a breach by the Lapsus$ cyber gang, Jason Haddix, then CISO of UbiSoft called over 40 other CISOs to discuss strategies on how to be more resilient to attacks. Those conversations led him to create a 4 step guide to building a comprehensive secrets management program.
How to Handle Secrets in Terraform
DevOps engineers must handle secrets with care. In this series, we summarize best practices for leveraging secrets with your everyday tools.
How to Handle Secrets in Kubernetes
This blog post covers creating, storing, and using secrets in Kubernetes, encryption, RBAC, and auditing. It introduces Kubernetes External Secrets and best practices to enhance security. Let's dive in!
9 Extraordinary Terraform Best Practices That Will Rock Your Infrastructure
Master Terraform in the cloud: play with the console, know your infrastructure, avoid mistakes, separate infrastructure from configuration, make code declarative, and understand vendor lock-in.
