The Hidden Challenges of Automating Secrets Rotation: Why Automatic Credential Rotation Isn’t a One-Click Solution

Automating secrets rotation requires maturity and planning. Let's look at how to inventory, scope, and secure credentials without risking downtime or vulnerabilities.

Dwayne McDaniel

3 Dec 2024 – 8 min read

Announcing "Crafting Secure Software," GitGuardian's Guide to Security by Design!

DevSecOps

Best practices

GitGuardian

Announcing "Crafting Secure Software," GitGuardian's Guide to Security by Design!

Exciting news! Our first book, "Crafting Secure Software," is now available. Learn how to embed security throughout the SDLC, mitigate risks, and foster a security culture. Get your copy today and level up your software security game!

Thomas Segura

25 Sep 2024 – 2 min read

A Comprehensive Guide to SOPS: Managing Your Secrets Like A Visionary, Not a Functionary

Tutorials

DevSecOps

A Comprehensive Guide to SOPS: Managing Your Secrets Like A Visionary, Not a Functionary

Have you heard about SOPS? If you have already been in a situation where you needed to share sensitive information with your teammates, this is for you. Today, let's have a look at how it works and how to use it with various key management services such as AWS KMS and HashiCorp Vault.

Tiexin Guo

5 Sep 2024 – 22 min read

DevSecOps

Best practices

Always Be Updating: Why Regular Patching Is Non-Negotiable in DevSecOps

DevSecOps Engineer Gene Gotimer explains why constant software dependency updates are crucial for security in DevSecOps practices.

Guest Expert

31 Jul 2024 – 7 min read

DevSecOps

Making Sense of Open-Source Vulnerability Databases: NVD, OSV, and more

Essential reading for developers and security professionals alike: a comprehensive comparison of vulnerability databases to help you cut through the noise.

Guest Expert

26 Jul 2024 – 8 min read

Tutorials

DevSecOps

Securing Containers with Seccomp

In this article we present a novel way to protect your container applications post-exploitation. This additional protection is called Seccomp-BPF.

C. J. May

25 Jul 2024 – 16 min read

DevSecOps

CVE of the month, the supply chain vulnerability hidden for 10 years CVE-2024-38368

For over a decade, a massive vulnerability that could have unleashed a huge supply chain attack lay dormant. Luckily the good guys found it first or so it seems. This month we are taking a look at CVE-2024-38368.

Mackenzie Jackson

3 Jul 2024 – 5 min read

DevSecOps

Container Security Scanning: Vulnerabilities, Risks and Tooling

Container security is crucial in the age of microservices and DevOps. Learn about common container vulnerabilities, container security scanning, and popular tools to secure your containers in this comprehensive guide.

Guest Expert

27 Jun 2024 – 15 min read

DevSecOps

Unlocking the Full Potential of GitGuardian: Empowering Developers In Code Security

Improve workflows with collaborative incident management to minimize vulnerabilities and enhance productivity with GitGuardian while empowering developers via ggshield.

Dwayne McDaniel

21 Jun 2024 – 7 min read

CVE of the month, CheckPoint Security Gateway exploit CVE-2024-24919

DevSecOps

Security Research

CVE of the month, CheckPoint Security Gateway exploit CVE-2024-24919

This month we dive into CheckPoints CVE-2024-24919 to explain what this vulnerability does and why we have seen it being used in the wild already!

Mackenzie Jackson

14 Jun 2024 – 4 min read

DevSecOps

Why SAST + DAST can't be enough

Static and dynamic app testing are cornerstones for any comprehensive AppSec program, yet they rarely rise up to the challenges of fully securing modern software. Discover why secrets are one of their critical blind spots.

Thomas Segura

6 Jun 2024 – 7 min read

DevSecOps

Vulnerability Management

Pipeline Integrity and Security in DevSecOps

Last episode of C.J. May's series on implementing a DevSecOps program: how to harden your software delivery pipelines to maintain robust security measures.

Guest Expert

14 May 2024 – 13 min read