What to do if you expose a secret: How to stay calm and respond to an incident
Learn how to respond to a secret leak incident effectively. Follow our step-by-step guide to understand the impact, rotate secrets safely, and prevent future leaks.
Webinar Recap: Hands-on guide to Runtime Security for CI/CD Pipelines with StepSecurity
A condensed recap of our hands-on runtime security webinar from September. Get the juiciest knowledge nuggets and pointers to more.
8.5% of Docker Images Expose API and Private Keys
A new comprehensive study by researchers at RWTH Aachen University in Germany did a study on over 300,000 docker images finding that 8.5% contained API keys and private keys that malicious actors could exploit in the wild.
How to Secure Your Productivity Tools with GitGuardian Honeytoken
GitGuardian Honeytokens are potent tools in the cybersecurity toolkit, notifying you of any unauthorized activities in code repos, Jira, Slack, Linear, and more.
How to Secure Your IaC and Configuration Management Tools with GitGuardian’s Honeytoken
It is important to secure environments with intelligent solutions. GitGuardian Honeytoken can help protect your IaC and Config Management tools.
Code Security: Manual Code Reviews Ain't Enough
Manual code reviews provide a lot of value but are slow, error-prone, and don't scale. Automated testing can take a lot of pressure off review teams.
The Art of Protecting Secrets: Eight Essential Concepts for SecOps Practitioners
Secrets management is an art, and mastering it requires a deep understanding of security protocols, meticulous attention to detail, and a proactive approach to staying ahead of threats. In this blog, we present you with eight essential concepts to enhance your credential management strategy.
How Your Secrets Management Maturity Can Impact Your DevOps Research and Assessment Metrics
Learn how your secrets management can affect your DevOps performance, measured by DORA metrics, as well as increase your risk as an organization.
Lessons from Lapsus - CISO on Building a comprehensive secrets management program
Following a breach by the Lapsus$ cyber gang, Jason Haddix, then CISO of UbiSoft called over 40 other CISOs to discuss strategies on how to be more resilient to attacks. Those conversations led him to create a 4 step guide to building a comprehensive secrets management program.
Platform Engineering and Security: A Very Short Introduction
Is DevOps really dead? Learn about the rise of platform engineering and how it differs from DevOps in terms of self-service capabilities and automation. Discover how security fits into this new paradigm and the benefits of platform engineering for software development teams of various sizes.
Why ChatGPT is a security concern for your organization (even if you don't use it)
ChatGPT may not be used by all organizations and may even be banned. But that doesn't mean you don't have exposure to the security risks it contains. This post looks at why ChatGPT should be part of your threat landscape.
Review your hardcoded secrets incidents in Kondukto’s AppSec orchestration platform
Kondukto and GitGuardian have teamed up to provide an integration that brings together their knowledge in AppSec orchestration and automated secrets detection.
