Making Sense of Open-Source Vulnerability Databases: NVD, OSV, and more

Essential reading for developers and security professionals alike: a comprehensive comparison of vulnerability databases to help you cut through the noise.

Securing Containers with Seccomp

In this article we present a novel way to protect your container applications post-exploitation. This additional protection is called Seccomp-BPF.

CVE of the month, the supply chain vulnerability hidden for 10 years CVE-2024-38368

For over a decade, a massive vulnerability that could have unleashed a huge supply chain attack lay dormant. Luckily the good guys found it first or so it seems. This month we are taking a look at CVE-2024-38368.

Mackenzie Jackson

3 Jul 2024 – 5 min read

DevSecOps

Container Security Scanning: Vulnerabilities, Risks and Tooling

Container security is crucial in the age of microservices and DevOps. Learn about common container vulnerabilities, container security scanning, and popular tools to secure your containers in this comprehensive guide.

Guest Expert

27 Jun 2024 – 15 min read

DevSecOps

Unlocking the Full Potential of GitGuardian: Empowering Developers In Code Security

Improve workflows with collaborative incident management to minimize vulnerabilities and enhance productivity with GitGuardian while empowering developers via ggshield.

Dwayne McDaniel

21 Jun 2024 – 7 min read

DevSecOps

CVE of the month, CheckPoint Security Gateway exploit CVE-2024-24919

This month we dive into CheckPoints CVE-2024-24919 to explain what this vulnerability does and why we have seen it being used in the wild already!

Mackenzie Jackson

14 Jun 2024 – 4 min read

DevSecOps

Why SAST + DAST can't be enough

Static and dynamic app testing are cornerstones for any comprehensive AppSec program, yet they rarely rise up to the challenges of fully securing modern software. Discover why secrets are one of their critical blind spots.

Thomas Segura

6 Jun 2024 – 7 min read

DevSecOps

Pipeline Integrity and Security in DevSecOps

Last episode of C.J. May's series on implementing a DevSecOps program: how to harden your software delivery pipelines to maintain robust security measures.

Guest Expert

14 May 2024 – 12 min read

DevSecOps

Secure-by-Design Software in DevSecOps

In this new series, CJ May shares his expertise in implementing secure-by-design software processes. The second part of his DevSecOps program is all about implementing secure-by-design software pipelines.

Guest Expert

24 Apr 2024 – 14 min read

DevSecOps

Managing Secrets Security at any Scale: introducing the GitGuardian Secrets Management Needs Quiz

Leverage our newest quiz to discover the most appropriate approach to managing secrets safely based on where your organization is today and how it will grow in the future.

Dwayne McDaniel

10 Apr 2024 – 2 min read

DevSecOps

Vulnerability Management Lifecycle in DevSecOps

In this new series, CJ May shares his expertise in implementing secure-by-design software processes that empower engineering teams. The first stage of his DevSecOps program: vulnerability management.

Guest Expert

27 Mar 2024 – 11 min read

Product News

End-to-end secrets security with CyberArk Conjur Cloud and GitGuardian

We're unlocking new use cases with CyberArk. Explore the first-ever integration between our secrets management and secrets detection solutions and how they can help you keep your secrets protected at all times.

Ziad Ghalleb

6 Feb 2024 – 4 min read