📅 Webinar - September 29, 11AM EDT - Hunting for Secrets in Docker Hub: The leaks we found and how to prevent them
Save my spot!
7
login public monitoring
login private monitoring
contact us

Secrets Detection
Learning Center

Automated secrets detection & remediation handbook
for dev, sec, ops. 

Learn more about secrets detection

Whether you’re brand new to secrets detection, or want to learn advanced remediation strategies, this is your hub for secrets detection knowledge.

As a developer or ops team member you use thousands of secrets like API keys and other credentials in order to interconnect your application’s components together. If on the other hand you are a security team professional, you know companies face the risk of secret sprawl as secrets are distributed in all systems developers use. In both cases knowing more about the risk, how detection can be implemented, what the best practices are in terms of remediation should be on your agenda. The Learning Center is here for you. Each section will give you short and to the point elements to better understand each concept.

Secrets and secret sprawl

READ MORE
1
What are secrets in the software development world?
2
What is secret sprawl?
3
What are some of the best practices to securely manage secrets like API keys?
4
What are the threats associated with secret sprawl?
5
What makes secret sprawl such a common problem?

Secrets detection for Application Security

READ MORE
1
My source code is private, so why is hardcoding credentials in git considered a bad practice?
2
Why automate secrets scanning throughout the Software Development Life Cycle (SLDC)?
3
How does secrets detection compare with Static Application Security Testing (SAST)?
4
What are git hooks?
5
What is a pre-commit hook?
6
What is a pre-receive hook?
7
What is a post-receive hook?
8
Where in the DevOps pipeline to implement automated secrets scanning? Client-side or server-side?
9
Should secrets detection be blocking or non-blocking in the SDLC?

How to detect secrets in source code?

READ MORE
1
Why is it hard to detect secrets like API keys and other credentials?
2
Why do code reviews fail at finding secrets in source code?
3
What is a "good" secrets detection algorithm?
4
What is a false positive in secrets detection?
5
Are secrets detection algorithms language-dependent?

How to remediate sensitive data leaks such as API keys hardcoded in source code?

READ MORE
1
How to remediate secrets leaked publicly (on public GitHub for example)?
2
How to remediate secrets exposed internally (in a private repository for example)?
3
How to rewrite the git history and remove sensitive data from git?
4
How to deal with intellectual property leaks on GitHub?

GitGuardian and alternatives

READ MORE
1
What is GitGuardian?
2
What is GitGuardian Public Monitoring?
3
What is GitGuardian Internal Repositories Monitoring?
4
What are the GitGuardian's alternatives?