While Artifactory tokens aren't the most common leaked secrets, GitGuardian's research reveals their critical nature in corporate environments. Recent investigations across major industries show how these tokens frequently expose sensitive resources through build configurations and DevOps code.
On December 4, 2024, the Ultralytics Python module was backdoored to deploy a cryptominer. Using GitGuardian’s data, we reconstructed deleted commits, connecting the dots with the initial analysis. This investigation highlights the value of GitGuardian’s data in understanding supply chain attacks.
At GitGuardian we see things that no one should ever see. We detect and collect leaked secrets that are so hideous we could lose our sanity. Let us introduce you to some of the most terrifying leaks we saw this year. If you dare.
Docker Zombie Layers are unreferenced image layers that continue to exist for weeks in registries, even after being removed from a manifest. In this hands-on deep dive, we explore how these layers can persist in registries and why ensuring the immediate revocation of exposed secrets is critical.
This month we dive into CheckPoints CVE-2024-24919 to explain what this vulnerability does and why we have seen it being used in the wild already!
Explore security findings from Datadog's research into recent attacks, highlighting two sophisticated attack methods and vital lessons in secrets security.
Discover how seemingly minor mistakes, like leaking a secret to a non-publicly accessible resource, can lead to a major breach. In this engaging scenario, see how an attacker would chain vulnerabilities to access highly sensitive areas, and learn a valuable lesson along the way.
GitGuardian is the code security platform for
the DevOps generation.
With automated secrets detection and
remediation, our platform enables Dev, Sec, and Ops to advance together
towards the Secure Software Development Lifecycle.
Subscribe to our newsletter to receive the latest content and updates from GitGuardian.
