Following a breach by the Lapsus$ cyber gang, Jason Haddix, then CISO of UbiSoft called over 40 other CISOs to discuss strategies on how to be more resilient to attacks. Those conversations led him to create a 4 step guide to building a comprehensive secrets management program.
Is DevOps really dead? Learn about the rise of platform engineering and how it differs from DevOps in terms of self-service capabilities and automation. Discover how security fits into this new paradigm and the benefits of platform engineering for software development teams of various sizes.
ChatGPT may not be used by all organizations and may even be banned. But that doesn't mean you don't have exposure to the security risks it contains. This post looks at why ChatGPT should be part of your threat landscape.
Kondukto and GitGuardian have teamed up to provide an integration that brings together their knowledge in AppSec orchestration and automated secrets detection.
In this blog post, we'll cover some best practices for managing AWS secrets when using the AWS SDK in Python.
DevOps engineers must handle secrets with care. In this series, we summarize best practices for leveraging secrets with your everyday tools.
When protecting your SDLC, you must choose. But choose wisely. For as the True Grail will bring you life. The False Grail will take it from you.
Learn the benefits of policy as code and start testing your policies for cloud-native environments.
You might already be using a Cloud IDE for certain projects. This exciting evolution of the local dev environment has a lot of advantages but also brings some new risks. This article will help you stay safe as you embrace the cloud for your coding needs.
We're happy to present you our Secrets Management Maturity Model, a model to help your organization make sense of its actual posture and how to improve it.
New research by CyberNews has revealed that there are millions of private git repositories that are, in fact, not all that private.
We’re introducing a new Role-based Access Management (RBAC) system with “Teams” in your GitGuardian Internal Monitoring workspace. Bring Dev, Sec, and Ops together and fix hardcoded credentials faster than you ever thought possible!
Learn more about what is a Software Bills Of Materials, why use it, what are the standards and how to automate it with Continuous Integration.
In this article, we’ll be going over the 1.1 revision of The Secure Software Development Framework that was published earlier this year.
In recent years, resorting to MSPs has become very popular for companies wanting to accelerate the digitization of their businesses. With this surge in popularity, MSPs now face the question: how to ensure we can meet our cybersecurity responsibilities?
In this tutorial, we will show how to integrate GitGuardian Shield to run on one of the most famous CI tools: Jenkins (with a cool bonus!).
This article aims to provide application security teams with a guide to effectively prioritize, investigate and remediate hardcoded secrets incidents at scale.
In their latest white paper, GitGuardian examines why implementing DevSecOps at scale to protect the modern software factory means evolving traditional AppSec. Read more to learn how the shared responsibility model adoption will unlock security in an agile world.
Infrastructure as Code is slowly but surely becoming norm for organizations that seek automation and faster delivery. Learn the big concepts powering it in this article.
More and more parts of the software development process can occur without human intervention. However, this is not without its drawbacks. To keep your code and secrets safe, you should add the following security practices to your CI pipeline.
In this second episode, we will go through the NSA/CISA security recommendations and explain every piece of the guidelines.
The NSA and CISA recently released a guide on Kubernetes hardening. We'll cover this guide in a three part series. First, let's explore the Threat Model and how it maps to K8s components.
In this article, we will explain why Docker images can contain sensitive information and give some examples of the type of secrets we found in public Docker images. Finally, we will compare our results to the ones we have with source code scanning.
Learn how to build a modern CI pipeline using GitHub Actions to achieve testing, building, and pushing Docker images. Harden your pipeline by scanning for leaked secrets and credentials with the help of GitGuardian's gg-shield action.
Static and dynamic app testing are cornerstones for any comprehensive AppSec program, yet they rarely rise up to the challenges of fully securing modern software. Discover why secrets are one of their critical blind spots.
GitGuardian is the code security platform for
the DevOps generation.
With automated secrets detection and
remediation, our platform enables Dev, Sec, and Ops to advance together
towards the Secure Software Development Lifecycle.
Subscribe to our newsletter to receive the latest content and updates from GitGuardian.
