Doomed Keys and Hidden Threats: The Scariest Secrets in Your Repositories

At GitGuardian we see things that no one should ever see. We detect and collect leaked secrets that are so hideous we could lose our sanity. Let us introduce you to some of the most terrifying leaks we saw this year. If you dare.

Gaetan Ferry

31 Oct 2024 – 6 min read

Security Zines

Precision & Recall [Security Zines]

Or how to find a key in a code haystack

Thomas Segura

28 Oct 2024 – 2 min read

Secrets detection

The Extent of Hardcoded Secrets: From Development to Production

This blog post provides a data-driven breakdown of where secrets have been discovered in recent years, with detailed examples highlighting the risks, starting from the developer boundary to the lesser-known infrastructure one.

Guillaume Valadon

24 Oct 2024 – 6 min read

Product News

Real-Time Secrets Security for Developers with GitGuardian’s Extension for Visual Studio Code

Enhance your secure coding practices with GitGuardian’s Visual Studio Code extension. Detect secrets in real-time by embedding security into developers' workflows, boosting productivity and ensuring compliance.

Ferdinand Boas

10 Oct 2024 – 5 min read

Secrets detection

Protect Your Company Secrets: Free GitHub Leaks Audit in One Click

Discover how exposed your company is on public GitHub, anonymously and for free.

Thomas Segura

24 Sep 2024 – 2 min read

Secrets detection

How Popular Malware Is Stealing Credentials and What You Can Do About It

Credentials are prime targets for attackers, as they make it easy to access resources as legitimate users without discovering vulnerabilities or using technical exploits. Malware authors know how interesting these low-hanging fruits are and are coming after your secrets!

Guillaume Valadon

6 Sep 2024 – 3 min read

Breach explained

The Secrets of the New York Times Source Code Breach

The New York Times had their entire codebase leaked. In this article we explore what was inside that code, how the leak happened and what the risk for the New York Times going forward is. (Spoiler we found thousands of secrets).

Mackenzie Jackson

2 Aug 2024 – 7 min read

Security Research

Demystifying GitHub Private Forks - The Hidden Danger of Cached View

Some explanations about the hidden danger of GitHub features that allow anyone to access commits you thought had been deleted.

Guillaume Valadon

1 Aug 2024 – 2 min read

Product News

Fix Your Code, Track the Remediation

Enhance your secrets remediation process with GitGuardian’s new features: pinpoint the locations needing code fixes and track the progress in real time. Discover how these tools can boost efficiency, enhance collaboration, and shorten remediation times.

Soujanya Ain

12 Jul 2024 – 4 min read

Secrets detection

Zombie Leaks: Unrevoked Secrets Lurking on GitHub

Don't let zombies haunt your security posture.

Thomas Segura

29 Apr 2024 – 5 min read

Secrets detection

The State of Secrets Sprawl 2024

The State of Secrets Sprawl 2024 report by GitGuardian uncovers a 28% increase in leaked secrets on GitHub, revealing an urgent need for significantly improved security practices.

Thomas Segura

12 Mar 2024 – 3 min read

Secrets detection

GitHub's Default Push Protection: Enhancing Open-Source Security with Limitations to Consider

GitHub's Push Protection is now enabled by default for all public repositories, a big milestone for open-source security! Find out the key points you need to keep in mind before using it to safeguard your code repositories.

Thomas Segura

27 Feb 2024 – 7 min read