Whitepaper - Implementing Automated Secrets Detection for Application Security
Learn more
7
login public monitoring
login private monitoring
contact us
Products
Monitor public GitHub
Monitor internal repos
Pricing
Resources
Learning Center
White Paper
Wall of Fame ❤️
Documentation
Open Source
API Documentation
Roadmap
Blog
Get a demo
SIGN UP FOR FREE
Internal Monitoring
Products
Monitor public GitHub
Monitor internal repos
Pricing
Resources
Learning Center
White Paper
Wall of Fame ❤️
Documentation
Open Source
API Documentation
Roadmap
Blog
Schedule a demo ➜
Secrets Detection
Learning Center
Automated secrets detection & remediation handbook
for dev, sec, ops.
Learn more about secrets detection
Whether you’re brand new to secrets detection, or want to learn advanced remediation strategies, this is your hub for secrets detection knowledge.
Secrets and secret sprawl
READ MORE
1
What are secrets in the software development world?
2
What is secret sprawl?
3
What are some of the best practices to securely manage secrets like API keys?
4
What are the threats associated with secret sprawl?
5
What makes secret sprawl such a common problem?
Secrets detection for Application Security
READ MORE
1
My source code is private, so why is hardcoding credentials in git considered a bad practice?
2
Why automate secrets scanning throughout the Software Development Life Cycle (SLDC)?
3
How does secrets detection compare with Static Application Security Testing (SAST)?
4
What are git hooks?
5
What is a pre-commit hook?
6
What is a pre-receive hook?
7
What is a post-receive hook?
8
Where in the DevOps pipeline to implement automated secrets scanning? Client-side or server-side?
9
Should secrets detection be blocking or non-blocking in the SDLC?
How to detect secrets in source code?
READ MORE
1
Why is it hard to detect secrets like API keys and other credentials?
2
Why do code reviews fail at finding secrets in source code?
3
What is a "good" secrets detection algorithm?
4
What is a false positive in secrets detection?
5
Are secrets detection algorithms language-dependent?
How to remediate sensitive data leaks such as API keys hardcoded in source code?
READ MORE
1
How to remediate secrets leaked publicly (on public GitHub for example)?
2
How to remediate secrets exposed internally (in a private repository for example)?
3
How to rewrite the git history and remove sensitive data from git?
4
How to deal with intellectual property leaks on GitHub?
GitGuardian and alternatives
READ MORE
1
What is GitGuardian?
2
What is GitGuardian Public Monitoring?
3
What is GitGuardian Internal Repositories Monitoring?
4
What are the GitGuardian's alternatives?
