GitGuardian
  • Videos: 163
  • Views: 237,018
Introducing The GitGuardian VSCode Extension
It just got even easier to keep secrets out of your git history with the release of the GitGuardian VSCode extension.
With GitGuardian's VSCode extension, developers will know they have added a secret to a file when they save, before they even get to the 'git add' step.
You can install it from the official Visual Studio Marketplace or directly in VSCode through a quick search in the extensions menu.
Install GitGuardian's VSCode extension and never accidentally commit a secret again!
Get the plugin here:
marketplace.visualstudio.com/items?itemName=gitguardian-secret-security.gitguardian
Views: 88

Videos

Good Enough: Practical Zero Trust Posture in The Software Supply Chain
Views 2621 hr ago
We all want to have the best security posture possible, especially when it comes to our mission-critical applications. This is also true for any software we publish that is used in the software supply chain. Every security team dreams of fully implementing Zero Trust as the standard across the whole of the organization and having flawless defenses. In reality, though, security is a never-ending...
Customize Your Team's Remediation Messages In ggshield
Views: 24, 14 days ago
We are very proud to announce that you can now easily provide your own custom remediation messages in ggshield, the GitGuardian CLI. Earlier versions of ggshield offered the same general remediation advice to all users if a secret was detected when using git hooks for automated scanning. We are now empowering teams to provide tailored guidance to all their developers at the pre-commit, pre-push...
GitGuardian's FP Remover Dramatically Reduces False Positive In Scans
Views: 27, 21 days ago
Do you hate false positives in your secrets scan results? We do too. GitGuardian has introduced a whole new approach to eliminating false positives, reducing them by around 50% so far. And we are just getting started! GitGuardian's Machine Learning experts and Secret Detection team have created "FP Remover", a new in-house machine learning model that significantly reduces false positives by ...
Install ggshield On macOS Using Signed .pkg Files
Views: 53, 1 month ago
macOS users can now opt to install ggshield using our new signed packages. Installing ggshield, the GitGuardian CLI, is a very quick process, but traditionally has required use of Python's pip or Homebrew on a macOS system. With the release of ggshield 1.27.0 we are now proud to offer signed .pkg files, making it possible to easily distribute ggshield to your team and leverage the official ...
Detect Secrets In Microsoft Teams With GitGuardian
Views: 45, 1 month ago
GitGuardian can now help you find and remediate secrets exposed in your Microsoft Teams channels. We have extended the real-time detection capability of our secrets detection platform to include the popular communications tooling to help teams better fight secrets sprawl throughout their organizations. Once integrated, whenever a plaintext credential is accidentally posted to Teams messages, Git...
Designing Secure and Private Software by Default with Chris Romeo from devici
Views: 40, 1 month ago
The current state of application security often leaves us reacting to data breaches and unauthorized disclosures well after they have occurred. How do we change this reactive reality? In this webinar, we’ll discuss this and other questions: - What are the CISO/security and privacy team absolutes or non-negotiables? - How has modern AppSec failed these constituents? - What are design decisions, ...
How Bouygues Telecom reduced their secrets by 60%
Views: 64, 1 month ago
Bouygues Telecom, a leading telecom company serving around 15 million customers, found an innovative solution to their secrets security challenges with GitGuardian. The company's Head of CICD Frameworks, Oliver Ribardiere, shared his company's experience with the self-hosted GitGuardian solution in this interview.
Delivering Security on Your Terms: An Intro to Self-Hosted
Views: 96, 2 months ago
Join us for a comprehensive webinar on self-hosted solutions, featuring industry experts Romain Jouhannet from GitGuardian, Adrian Mouat from Chainguard and Chuck D'Antonio from Replicated. The discussion will delve into: Challenges of On-Prem Deployments: We will explore the complexities and distribution challenges associated with on-prem solutions. Secure & Scalable On-Prem Experiences: We'll...
Find And Remediate Secrets In Confluence Cloud With GitGuardian
Views: 75, 2 months ago
Good news! GitGuardian can now help you find and remediate secrets exposed in Confluence Cloud. We have helped thousands of teams remediate plaintext secrets in their codebases and tools like Jira and Slack. Now, we have extended the real-time detection capability of our platform to cover this popular wiki, collaboration, and knowledge-sharing platform. Once integrated, GitGuardian will alert y...
Introducing GitGuardian's Remediation Location & Tracking
Views: 47, 2 months ago
Remediation is one of the most challenging aspects of fighting secrets sprawl. Finding exactly the right code to address and then tracking when and how it was fixed can get cumbersome, especially when dealing with multiple projects and teams. We are proud to introduce Remediation Location and Tracking to your GitGuardian incidents detail view. With our new Pinpoint location within the Impacted ...
Secrets in Plain Sight: Unveiling over 1 million secrets on public websites
Views: 66, 3 months ago
Join us at CodeSecDays for an insightful session with Cybernews researcher Vincentas Baubonis, who will reveal how their team discovered 1,141,004 secrets across 58,364 websites. Learn how exposed environment (.env) files containing passwords, API keys, and email credentials can lead to data breaches and site takeovers. We’ll discuss common leaked secrets like database credentials and AWS keys,...
How to augment DevSecOps with AI?
Views: 311, 3 months ago
Join us for a roundtable on GenAI's dual role in cybersecurity. Experts from GitGuardian, Snyk, Docker, and Protiviti, with Redmonk, discuss threat mitigation versus internal tool adoption, securing coding assistants, leveraging LLMs in supply chain security, and more. Gain valuable insights on harnessing GenAI to enhance your DevSecOps practices.
Extending Snyk's Power Holistic Security with New GitGuardian Integration
Views: 77, 3 months ago
Learn how Snyk AppRisk Pro enables improved application visibility and discovery, risk-based prioritization, and security coverage management. The new integration with GitGuardian plays a critical role in extending the visibility of Snyk AppRisk across application security programs to help AppSec teams better manage their entire overall program.
Unlock Use Cases for Successful Secrets Security
Views: 29, 3 months ago
Developer and security teams often clash on securing secrets for machine identities. In this session, we explore differences in securing human vs. machine identities. We offer practical solutions for secrets sprawl, discuss 'vault sprawl,' and share strategies for centralized secrets management that won’t slow down development.
Defend Against Open Source Supply Chains Risks
Views: 26, 3 months ago
Address Security Issues Before They Hit Production with Docker Scout
Views: 21, 3 months ago
Thousands of Secrets Leaked... Now How to Remediate?
Views: 45, 3 months ago
How to build a better security and developer relationship?
Views: 66, 3 months ago
Secure Your Software Delivery Pipeline
Views: 40, 3 months ago
How Bazaarvoice revoked 75% of exposed secrets within 3 months
Views: 55, 3 months ago
How GitGuardian Enhanced Vermeer's Software Development Security
Views: 73, 3 months ago
How GitGuardian Provides Peace of Mind for Kubefirst
Views: 35, 3 months ago
Code Fast, Secure Smarter: The Dual Path of AI Development
Views: 147, 4 months ago
Introducing GitGuardian's Advanced Jira Cloud integration
Views: 92, 5 months ago
Understanding AI Package Hallucination: The latest dependency security threat
Views: 270, 5 months ago
Understanding Supply Chain Risk - Using SCA to protect your application
Views: 271, 6 months ago
Manage secrets with AWS Secrets Manager with Python - Tech Tip Tuesday
Views: 1.3K, 6 months ago
Detect secrets in Slack channels with GitGuardian
Views: 151, 6 months ago
Microsoft attacked by Russian hackers - Midnight Blizzard breach explained
Views: 2.8K, 6 months ago

Comments

  • @cambsdigital (8 days ago)

    Handy and thank you. But you need a JDK which on my old mac was not easily possible. Crazy! Git should have something inbuilt to handle this better.

  • @CristhianPinto-i6z (13 days ago)

    If I need to test a private repository, can GitGuardian review this code? Or not?

  • @CynthiaNkosi-tp9hf (1 month ago)

    South Africa

  • @hemanthnaik3403 (1 month ago)

    Not sufly this coding

  • @helpertech2316 (1 month ago)

    Bro. Actually I have seen a lot. This video matches exactly my expectation.

  • @kiranbakale8207 (1 month ago)

    Much needed!!. Keep up the good work, you are doing great mack

  • @paulhetherington3854 (1 month ago)

    HACK -- Helped that goth - murder another - of them devils! You be, in the clan!

  • @paulhetherington3854 (1 month ago)

    How would u, ever know, any TOKYO CHRX -- data? DUM AS

  • @codak29 (1 month ago)

    Great video.

  • @KrishanChhimpa-l9m (2 months ago)

    what about multiple branches, do we need to do it for all the branches ?

  • @mohammediftekharsalam8255 (2 months ago)

    Bro I am seeing this video on a Tuesday coincidentally

  • @rohithgowdax (2 months ago)

    am really excited to use your app, loved it ❤

  • @คุณานนต์วงค์อ่วน-ถ4ฑ

    fuk somsung fuk hscker fuk chaina fuk lock account im fro to fuk chaina fuk somsung fuk hacker fuk zero pro fuk somsung

  • @finix7419 (2 months ago)

    best .gitignore video I've seen so far with more advanced examples

  • @kamyarghanbarpour764 (3 months ago)

    Thanks a lot

  • @shubhampatel5406 (3 months ago)

    It was great to hear from Jeroen Willemsen sir, I admire his works in wrongsecrets

    • @GitGuardian (3 months ago)

      Yeah, Jeroen Willemsen is awesome in "Wrongsecrets"! Thanks for checking out the video!

  • @jong.4864 (3 months ago)

    Thanks gitguardian!

  • @Kabodanki (4 months ago)

    Gitleaks would be one job in a push commit pipeline lol

  • @angellopez6687 (4 months ago)

    Very helpful!

  • @test-em3re (4 months ago)

    will this work on GitHub desktop ?

  • @dustingarner4620 (4 months ago)

    Very helpful, thank you!

    • @GitGuardian (3 months ago)

      Thank you for watching and finding it helpful!

  • @SMGAPR8 (4 months ago)

    Dirty rug too, thank you great information 👍

  • @SMGAPR8 (4 months ago)

    2024 update?

  • @SMGAPR8 (4 months ago)

    Other people could be an auto BOT, how would the dumb know? When you all they do is trawl search or buy? First you have to educate the ignorant.

  • @RohitTiwari-mo8mi (5 months ago)

    Got an email a few days back from GitGuardian detecting my github history for a committed RSA private key, Now I am watching this :D

  • @larsvagt1340 (5 months ago)

    Basically cool explanation. Unfortunately I cannot give to my dev team due to the joke. One of the devs is a dad who experienced a similar thing at school and it would really hurt him. :(

  • @AlexanderHelwig-rq1uq (5 months ago)

    Thank you, this has helped me !

  • @oooooOwOooooo (5 months ago)

    what if you want to publish the code in github?

    • @GitGuardian (5 months ago)

      Make sure you put the keys in a .env file and then add that to the .gitignore file so the keys never make it to GitHub.

  • @anshuldishoriya2992 (5 months ago)

    nicely explained.

  • @AngilaSmith-mc6oc (5 months ago)

    Who do you contact if all your credentials have been hijacked

  • @Kabodanki (5 months ago)

    I work in an IA company, I have to say... GPT is flawed, it is just a step for something else. Hallucination = We don't know what would be the answer, we can tweak, but ultimately we are never 99% sure of the answer, and for a lot of use cases this is absolutely unacceptable. Most of our clients have a hard time tuning their setup.

    • @GitGuardian (5 months ago)

      It is going to be very interesting to watch what comes next. Thanks for sharing your insights

  • @lxvi4322 (5 months ago)

    how can I use this inside Aws Services like ERM-Studio? tnx

    • @GitGuardian (5 months ago)

      You might want to try using AWS secrets manager for AWS native environments ruclips.net/video/as4gWjQYrHc/видео.htmlsi=v8-fL7fkpw3lJQGE

  • @infossil (5 months ago)

    thank you, excellent

  • @rbw7456 (5 months ago)

    Nice going Microsoft. That's why I always use Linux

    • @TheExoryder (5 months ago)

      You should read about the latest linux backdoor then :)

    • @MultiBannanaSHITTTT (5 months ago)

      @TheExoryder Which only made it into rolling releases, for like 24 hours until it got caught and did any damage. No production systems affected. Also, that exact same backdoor was making its way into Windows and they only found it because it was on Linux first.

    • @MultiBannanaSHITTTT (5 months ago)

      @TheExoryder If this happened in Windows, you’d have known a couple months after the breach, there was a breach… No idea how affected you were.

  • @eswarm1234 (5 months ago)

    Please do a video on pre-commit framework

    • @GitGuardian (5 months ago)

      Sure thing @eswarm1234

  • @Moon-v5x (5 months ago)

    Thanks for the insight

  • @ElenaBiriuchevskaia (5 months ago)

    Thank you! Very well explained!

  • @roboman3418 (5 months ago)

    thanks!

  • @terryjones9784 (5 months ago)

    Why do you need os then?

    • @GitGuardian (5 months ago)

      The secrets are stored in the os environment so you need to call os to interact with them. env_var = os.environ

  • @scarlettjoehandsome6130 (6 months ago)

    Remember that Putin and his minions are Supported by Trump and his Idiots. We can never have national security with the backward regressive atavistic Republicans in power.

  • @lizelswick3833 (6 months ago)

    They can rot

  • @silliesthag (6 months ago)

    that’s really scary. there are so many organizations, businesses and individuals that use microsoft services. could the windows operating system be affected? and if so, will my passwords be safe if i save them on chrome or should i move them to a whole different device like my iphone’s password manager?

    • @GitGuardian (6 months ago)

      Right now it doesn't appear that the attack has affected any Microsoft core products. It would be extremely difficult for the attackers to infect the operating systems of users, they would need to inject malware into an update and right now they do not appear to have sufficient access to be able to do that, it is also not likely they will be able to get that access (but not impossible)

  • @MrUmban (6 months ago)

    Amazing explanation. Thank you!

  • @windfishletusdream (7 months ago)

    great video

  • @darshsundar544 (7 months ago)

    were the Cloudflare lava lamps bypassed or is it a different area

  • @0xSCMD (7 months ago)

    2:38 - Attackers were not (and are not) able to gain persistent access from the read only tokens that were compromised.

    • @GitGuardian (7 months ago)

      It is if it allows you to gather more data for instance discover more secrets. Also there is no evidence (at least not publicly) that the 4 secrets stolen from Okta were read only, especially considering they were able to manipulate Jira Script Runner

  • @N-ji9ln (8 months ago)

    Excellent breakdown of the breach. Thank you!

  • @ecstasy3129 (8 months ago)

    Good

  • @x-waseem-xw-x6478 (8 months ago)

    What does 25 developers contribute mean? If I use the free plan it will be limited to 25 developers. You mean developers who make commits on an Azure DevOps repo, for example, which is integrated with GitGuardian? Or 25 admins on the GitGuardian dashboard itself?

    • @GitGuardian (8 months ago)

      It is based off total developers contributing to the repositories (so for Azure repos how many active contributors). If you have less than 25 I can upgrade you to the full business plan which comes with lots of API usage. More than that you will need an enterprise account. However you can still use GgShield for free but you might run out of API calls if integrated. Feel free to contact us if you need more help :)

  • @x-waseem-xw-x6478 (8 months ago)

    Is ggshield with pre-commit free for unlimited repos and developers?

    • @GitGuardian (8 months ago)

      Yes, however you may be limited to API calls, if you need to exceed the limit you can request a free business account. Everything is free for up to 25 developers