Secrets Exposed: Why Your CISO Should Worry About Slack

September 3, 2024 at 03:42AM Secrets, like API keys and passwords, pose a significant risk when accidentally shared in collaboration tools. Machine identities now outnumber human identities, and secrets are found not only in code but also in tools like Slack and Jira. Integrating platforms like GitGuardian for real-time monitoring and training teams on …

Defending Your Commits From Known CVEs With GitGuardian SCA And Git Hooks

May 20, 2024 at 08:12AM Developers often rely on open-source components, which account for the majority of modern software. However, vulnerabilities often stem from these components. GitGuardian’s Software Composition Analysis (SCA) enables developers to scan for CVEs before committing code, ensuring early detection and prevention of known vulnerabilities. GitGuardian SCA is available for a 2-week …

Python’s PyPI Reveals Its Secrets

April 11, 2024 at 10:27AM GitGuardian’s 2023 and 2024 reports revealed significant security concerns in public repositories. The 2024 report found 12.8 million new exposed secrets on GitHub and highlighted security risks in PyPI. The report emphasizes the prevalence of open-source packages and stresses the importance of proper secret management to prevent potential exploitation. After …

Python’s PyPI Reveals Its Secrets

April 11, 2024 at 07:45AM GitGuardian’s 2024 report reveals over 12.8 million new exposed secrets in GitHub and highlights potential threats in the PyPI repository. While Python developers widely use open-source packages, the report identifies the risks of exposing sensitive credentials. The article emphasizes the importance of proper secrets management and advises adopting automation tools …

Tell Me Your Secrets Without Telling Me Your Secrets

November 24, 2023 at 06:18AM GitGuardian’s engineers have developed a secret-fingerprinting protocol for their HasMySecretLeaked service, which helps developers find out if their secrets have been exposed in public GitHub repositories. By encrypting and hashing the secret and sharing a partial hash with GitGuardian, they can match potential secrets without exposing sensitive information. Users can …

PyPI Packages Found to Expose Thousands of Secrets

November 14, 2023 at 07:09AM Code security firm GitGuardian has discovered thousands of hardcoded credentials in Python code committed to PyPI packages. Over 4,000 unique secrets were found in nearly 3,000 packages, with more than 760 of them being valid. The leaked secrets included keys and credentials for popular services such as AWS, Azure AD, …