GitGuardian scans your Docker images for secrets and sensitive data. Find hardcoded API keys, database credentials, private keys, and a lot more in your Docker images before publishing them to public or private artifact registries.
Follow the steps in the documentation to install ggshield on your machine.
Hooray 🎉 You can now scan your first Docker image for hardcoded secrets. Run ggshield scan docker <IMAGE_NAME>.
Each month more than 10K developers protect their code using GitGuardian and join the community.
I accidentally pushed a valid Slack Webhook URL into a GitHub repository. In 5 minutes I got an email from Slack and GitGuardian to warn me about the incident. That's great! 👏
👀 Finding secrets in Docker containers: @GitGuardian scanned ~2K public containers, and found secrets in ~7%. Pro tip: Use the Docker manifest file to focus on layers where either files are manually added or copied, or environment variables are modified.
@GitGuardian Thanks for your help in keeping @dolibarr and @dolicloud safer.
@GitGuardian Great way to discover public repos with sensitive code, it's a cool way to guide your repos #100DaysOfCode #coding
[Tutorial] Shift your CI left with GitHub Actions
Learn how to build a modern CI pipeline using GitHub Actions to achieve testing, building, and pushing Docker images. Harden your pipeline by scanning for leaked secrets and credentials with the help
[Research] Hunting for secrets in Docker Hub: what we’ve found
In this article, we will explain why Docker images can contain sensitive information and give some examples of the type of secrets we found in public Docker images. Finally, we will compare our result
How to improve your Docker containers security [cheat sheet included]
Containers are no security devices. That's why we've curated a set of easily actionable recommendations to improve your Docker containers security. Check out the one-page cheat sheet.