%term

Security Lessons For All From GitHub's Hardened Package Publication For npm

Oct 2, 2025 By Dwayne McDaniel In GitGuardian

GitHub is hardening npm publishing rules but the underlying lessons can be applied by all developers: WebAuthn for writes, OIDC, and short-lived least-privilege credentials.

Read Post

GitGuardian

Read more about Security Lessons For All From GitHub's Hardened Package Publication For npm

How to Use NHI Governance as Your Central Dashboard to Monitor AWS IAM

Sep 29, 2025 By Tiexin Guo In GitGuardian

Let's have a look at how to integrate NHI Governance with AWS IAM to get detailed security insights into your dashboard.

Read Post

GitGuardian

Read more about How to Use NHI Governance as Your Central Dashboard to Monitor AWS IAM

Interview with Alex Rich, the VP of Sales at GitGuardian

Sep 26, 2025 By GitGuardian In GitGuardian

Learn about our NHI Governance capabilities providing complete asset visibility, OWASP Top 10 compliance, and how we're tackling AI challenges where coding agents replicate exposed secrets at scale.

View Video

GitGuardian

Read more about Interview with Alex Rich, the VP of Sales at GitGuardian

Shai-Hulud attack: 800 private repositories went public

Sep 26, 2025 By GitGuardian In GitGuardian

Our security researcher Gaetan Ferry shared his take on the recent supply chain attacks with Mackenzie Jackson @TheSecureDisclosure.

View Video

GitGuardian

Read more about Shai-Hulud attack: 800 private repositories went public

OWASP AppSecDays France 2025: Learning To Defend The Global Supply Chain Together

Sep 26, 2025 By Dwayne McDaniel In GitGuardian

OWASP AppSecDays France 2025 explored supply chain trust, CI/CD as the new perimeter and passkeys, showing how shared guardrails make secure delivery possible.

Read Post

GitGuardian

Read more about OWASP AppSecDays France 2025: Learning To Defend The Global Supply Chain Together

GitGuardian Introduces One-Click Secret Revocation to Accelerate Incident Response

Sep 23, 2025 By Soujanya Ain In GitGuardian

Secure your secrets with GitGuardian's new one-click revocation. Instantly neutralize exposed secrets to close the attack window and automate your incident response.

Read Post

GitGuardian

Read more about GitGuardian Introduces One-Click Secret Revocation to Accelerate Incident Response

Prioritizing Your GitGuardian Incidents

Sep 19, 2025 By GitGuardian In GitGuardian

In this video, you will learn how to cut through the noise and prioritize your GitGuardian incidents with confidence. From understanding incident fields to using filters, views, and severity scoring, this walkthrough shows you exactly how to focus on what matters most. Take control of your backlog and streamline remediation to strengthen your team’s security posture. Chapters.

View Video

GitGuardian

Read more about Prioritizing Your GitGuardian Incidents

Who Governs Your NHIs? The Challenge of Defining Ownership in Modern Enterprise IT

Sep 19, 2025 By Dwayne McDaniel In GitGuardian

Learn how to shift the conversation from "who’s to blame" to "who has context" in managing non-human identities across modern enterprise IT infrastructure.

Read Post

GitGuardian

Read more about Who Governs Your NHIs? The Challenge of Defining Ownership in Modern Enterprise IT

Detect Secrets in GitLab CI Logs using ggshield and Bring Your Own Source

Sep 17, 2025 By Soujanya Ain In GitGuardian

Discover how to automatically detect secrets in GitLab CI logs using ggshield and GitGuardian's Bring Your Own Source initiative. Learn to set up real-time scanning to prevent credential leaks, enhance compliance, and secure your entire CI/CD pipeline from hidden risks.

Read Post

GitGuardian

Read more about Detect Secrets in GitLab CI Logs using ggshield and Bring Your Own Source

Shai-Hulud: A Persistent Secret Leaking Campaign

Sep 16, 2025 By Gaetan Ferry In GitGuardian

On September 15, a new supply chain attack was identified that targeted the @ctrl/tinycolor and 150 other NPM packages. The attack scenario was similar to the one used in the s1ngularity and GhostActions campaigns. The threat actors combined a local environment secrets extraction with a malicious GitHub actions workflow injection in accessible projects. The compromised packages' structure has been detailed in blog posts by socket.dev and StepSecurity.

Read Post

GitGuardian

Read more about Shai-Hulud: A Persistent Secret Leaking Campaign

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Security Lessons For All From GitHub's Hardened Package Publication For npm

How to Use NHI Governance as Your Central Dashboard to Monitor AWS IAM

Interview with Alex Rich, the VP of Sales at GitGuardian

Shai-Hulud attack: 800 private repositories went public

OWASP AppSecDays France 2025: Learning To Defend The Global Supply Chain Together

GitGuardian Introduces One-Click Secret Revocation to Accelerate Incident Response

Prioritizing Your GitGuardian Incidents

Who Governs Your NHIs? The Challenge of Defining Ownership in Modern Enterprise IT

Detect Secrets in GitLab CI Logs using ggshield and Bring Your Own Source

Shai-Hulud: A Persistent Secret Leaking Campaign

Monthly Archive

Follow Us