What is GitGuardian?

Meet GitGuardian. Learn what GitGuardian is and what solution we offer for automated secrets detection and remediation, and why you should monitor public and private source code to detect API keys, database credentials, certificates and more.

Video Transcript

When we think about securing our software applications, often we think about SAST tools such as Checkmarx or dependency vulnerability scanning. How then do we explain the emergence of a brand new application security category defined by major players in the industry such as GitHub and GitLab themselves? This new category we call secrets detection.

What we call a secret is a digital authentication token. These are mostly API keys, security certificates or database credentials but can be anything that provides access to an external service or system. The problem is that organizations and software developers today have to handle and protect hundreds if not thousands of these secrets, because of a radical shift in the way we build software. Applications are no longer the standalone monolith; they are built up of hundreds of independent services such as cloud infrastructure, payment systems, SaaS tools, microservices and so on. All of these systems need secrets to be able to talk to each other. But because these secrets are made to be used programmatically they often end up in source code. This is an issue because source code by nature is a very leaky asset. These secrets can end up sprawling into multiple different systems, a phenomenon we call secret sprawl.

One of the worst places for these secrets to end up is within public GitHub repositories. But even if these stay within internal systems, secrets sprawl is still a big problem. This is because these internal systems are accessed by many people and it takes just one account to be compromised for an attacker to gain access to your organization's most sensitive information.

At GitGuardian we have two complementary solutions to try and prevent secrets sprawl. First, we scan public GitHub in real time to uncover secrets that may belong to your organization that have been leaked, and second, we scan internal version control systems to uncover secrets that we believe should be considered compromised.

These solutions not only help to investigate, prioritize and remediate potential leaks but also foster collaboration between development teams, security teams and ops teams. Today many organizations, including Fortune 500 companies, trust GitGuardian to help them secure their software development lifecycle. GitGuardian has also attracted investment from prominent visionaries within the industry; this includes Scott Chacon, one of the founders of GitHub, and Solomon Hykes, the founder of Docker. This not only improves our ability to execute but validates our mission for our company and our products into the future. To find out more about GitGuardian and how we can help you secure your organization, head to our website at GitGuardian.com and get a live demo using your organization's own data today.
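To make the transcript's two ideas concrete, secrets detection in source code and secret sprawl across files, here is a small scanner added as an illustration. It is not GitGuardian's engine or rule set; the rule names, regexes, entropy threshold and sample repository contents are all assumptions constructed for this example (the AWS key is the placeholder from the AWS documentation).

```python
import hashlib
import math
import re
from collections import defaultdict

# Illustrative rules (assumptions for this added example, not GitGuardian's rule set).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "db_url_with_password": re.compile(r"\b(?:postgres(?:ql)?|mysql|mongodb)://[^:\s/]+:([^@\s]+)@"),
    "generic_assignment": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token|password)\b\s*[=:]\s*['\"]([^'\"]{16,})['\"]"),
}

def shannon_entropy(s):
    """Bits per character: random tokens score high, words and placeholders low."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def scan_file(path, text):
    """Return (path, line_no, rule, fingerprint) for each suspected secret in one file."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for rule, rx in PATTERNS.items():
            for m in rx.finditer(line):
                value = m.group(1) if m.groups() else m.group(0)
                # Generic assignments only count when the value looks random.
                if rule == "generic_assignment" and shannon_entropy(value) < 3.5:
                    continue
                # Report a fingerprint, not the raw value, so findings never re-leak the secret.
                fp = hashlib.sha256(value.encode()).hexdigest()[:12]
                findings.append((path, line_no, rule, fp))
    return findings

def find_sprawl(files):
    """Map each fingerprint to the files it appears in; more than one file is sprawl."""
    seen = defaultdict(set)
    for path, text in files.items():
        for _, _, _, fp in scan_file(path, text):
            seen[fp].add(path)
    return {fp: sorted(paths) for fp, paths in seen.items() if len(paths) > 1}

# Constructed sample repository (fake credentials; the AWS key is the AWS docs example).
SAMPLE_FILES = {
    "config/settings.py": 'DATABASE_URL = "postgres://app:Xq7!vR2p9sLmT4wz@db.internal:5432/app"\nDEBUG = False\n',
    "deploy/env.sh": "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
                     "export DATABASE_URL=postgres://app:Xq7!vR2p9sLmT4wz@db.internal:5432/app\n",
    "src/client.py": 'api_key = "changeme_changeme_changeme"\ntoken = "c3d9a4f7e1b28c0a5d6e4f9b1a7c2d8e"\n',
}
```

Running `find_sprawl(SAMPLE_FILES)` reports the one database password that appears in both `config/settings.py` and `deploy/env.sh`, while the low-entropy placeholder in `src/client.py` is ignored and the random-looking token is flagged.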