SBOMs are security analysis artifacts becoming required by more companies due to internal policies and government regulation. If you sell or buy software, you should know the what, why, and how of the SBOM.
The open-source world narrowly escaped a sophisticated supply-chain attack that could have compromised countless systems. A stark reminder of the necessity of vigilant monitoring and rigorous vetting within the open-source ecosystem to maintain trust and security.
...despite all intentions to follow best practices, they don't. When you automate enforcement of best practices, you can ensure those practices are followed...
Discover how honeytokens enhance security by detecting breaches in real-time across the software development lifecycle. Learn how to deploy these decoy credentials and traps effectively, bolstering defenses against cyber threats.
Let's walk through nine of the top secrets management solutions for 2024.
Security Researcher Tom Forbes worked with the GitGuardian team to analyze all the code committed to PyPi packages and surfaced thousands of hardcoded credentials.
A condensed recap of our hands-on runtime security webinar from September. Get the juiciest knowledge nuggets and pointers to more.
Typosquatting and dependency confusion are two common tactics used by hackers to exploit open-source package repositories. Understand how these attacks work and discover preventive measures to secure your infrastructure.
SaaS-Sentinel is a free monitoring platform that notifies users when their favorite tool might be under attack, helping them stay on top of supply chain risks. Here is the full story of this innovative project that seeks to democratize the use of honeytokens. Join the adventure today!
In this final part, we'll discuss more software supply chain security frameworks and the critical role of secrets detection in them. We'll explore the NIST SSDF, SLSA, and OSC&R frameworks and how they cover the topic of secrets in software supply chain security.
The ability to sign and verify the integrity and origin of software artifacts, such as Docker images, is critical to supply chain security. Let's try Sigstore, a new standard that promises to make this process much easier.
Misleading attackers to trigger alarms can stop them in their tracks and keep damage to a minimum. Honeytokens, like the ones you can make with GitGuardian Honeytoken, let you easily set such traps.
GitGuardian is the code security platform for
the DevOps generation.
With automated secrets detection and
remediation, our platform enables Dev, Sec, and Ops to advance together
towards the Secure Software Development Lifecycle.
Subscribe to our newsletter to receive the latest content and updates from GitGuardian.
