GitGuardian has allied with CyberArk to streamline secrets detection and management by making it easier to share insights.
Sonar Adds Secrets Detection to Code Analysis Portfolio
Sonar has added a secrets detection capability to its portfolio of tools for analyzing code and DevOps workflows.
GitGuardian Adds Tool for Discovering Secrets in Public Repositories
GitGuardian added a tool that makes it possible for DevOps teams to search GitHub repos to determine if secrets have inadvertently found their way into other apps.
Pulumi Previews Tool to Integrate Secrets and Infrastructure Management
Pulumi previewed a tool that enables DevOps teams to unify environments, secrets and configuration (ESC) management.
HashiCorp Acquires BluBracket to Extend Secrets Management Reach
HashiCorp this week acquired BluBracket to add a set of static secrets discovery tools to its portfolio.
GitGuardian Survey Surfaces Secrets Management Challenges
A survey of 507 IT decision-makers in the U.S. and the United Kingdom published today found 75% of respondents said a secret leaked from at least one application, with 60% noting that the leak caused issues for either the company, employees or both. Conducted by Sapio Research on behalf of GitGuardian, a provider of a […]
GitGuardian: 10M Exposed Secrets on GitHub
GitGuardian published an analysis of more than one billion commits to GitHub repositories that found 10 million occurrences of secrets, with one out of 10 developers exposing a secret. Mackenzie Jackson, a developer advocate for GitGuardian, said more than 80% of all the secrets caught by live monitoring of GitHub were exposed through personal repositories, with […]
GitGuardian Tightens Integration With GitHub to Secure Secrets
GitGuardian has expanded its ability to secure code repositories by providing deeper integration with GitHub. Ziad Ghalleb, product marketing manager for GitGuardian, said the results of security scans are now provided in the context of pull requests alongside suggestions for remediating issues. The company also expanded developer onboarding options by adding an application programming interface […]
The Scanner We Really Need
IT has scanners for everything. And by everything, I mean everything. We scan source code for vulnerabilities and data leaks. We scan apps for vulnerabilities. We scan the network for holes. We scan our cards for access … Okay, that last one doesn’t fit, but you get the idea. Know what we don’t scan for […]
Managing Hardcoded Secrets to Shrink Your Attack Surface
The practice of hardcoding secrets—such as authentication credentials, passwords, API tokens and SSH Keys—as non-encrypted plain text into source code or scripts has been common in software development for many years. It is an easy way to save time and labor, but it is also highly insecure. The issue is that anyone with access to […]