GitGuardian Enhances Platform
June 23, 2022

GitGuardian is announcing a series of new features to address developer experience in securing the software development lifecycle.

To reduce the risks of exposure of secrets in the software development lifecycle, GitGuardian is betting on what it has framed as the Application Security Shared Responsibility Model. The company is helping security teams partner with development teams to remediate swaths of existing vulnerabilities and prevent ones in the future. By getting the developer experience right, GitGuardian is turning the problem of secrets sprawl into an opportunity to break down organizational silos and infuse security in the software development lifecycle.

On top of an integrated platform, GitGuardian comes with ggshield – an open-source command-line interface (CLI) built for developers. Widely adopted by developer communities, ggshield helps thousands of developers and DevOps engineers keep secrets out of source code. To date, it is the most effective solution for preventing secrets from leaving developers’ workstations and getting exposed – saving security teams hours on investigation, remediation, and expensive paperwork.

To help large organizations deploy secrets detection and remediation on perimeters consisting of thousands of developers, GitGuardian is introducing:

- A new developer onboarding experience with an automated API key provisioning mechanism alongside a browser-based authentication flow for ggshield (GitGuardian CLI) – removing all barriers to enterprise adoption.

- Deeper integration with GitHub, to reveal the results of its security scans in the context of pull requests and provide developers with custom remediation guidelines.

- An easier configuration of ggshield (GitGuardian CLI) for pre-receive hooks to implement preventive secrets scanning (a.k.a. push protection) on GitHub Enterprise and GitLab self-hosted instances. This enables Version Control Systems administrators to deploy blocking checks for all incoming code contributions with a single setup.

- An improved RBAC system, supporting the creation of teams within the GitGuardian workspace to reflect security and engineering organizations. Each team will have a perimeter with its sources (e.g. GitHub, GitLab, or Bitbucket organizations or repositories) with team members having different levels of permission on incidents, according to their role in the organization.

Poor secret management practices and hardcoded credentials, in particular, are pervasive in the DevOps and cloud-native era. With each secret having 13 different occurrences, the effort required for remediation exceeds available resources within security teams (1 AppSec engineer for 100 developers)1 hence the need for a shared responsibility model involving developers.

In addition, when comparing public corporate codebases to private ones, GitGuardian found the latter to be four times more likely to expose a secret. The company concludes that, in the current state, private repositories permeate a false sense of security and are a (ticking) time bomb waiting to go off at any moment. Additional analysis by GitGuardian of the recent wave of source code leaks from companies like Twitch, Samsung and Nvidia, and Microsoft confirms this.

Share this

Industry News

March 18, 2024

Kubiya.ai announces the launch of its DevOps Digital Agents.

March 18, 2024

Aviatrix® introduced Aviatrix Distributed Cloud Firewall for Kubernetes, a distributed cloud networking and network security solution for containerized enterprise applications and workloads.

March 18, 2024

Stride announces the general availability of Stride Conductor, its new autonomous coding product that transforms the software development landscape.

March 14, 2024

CircleCI unveiled CircleCI releases, which enables developers to automate the release orchestration process directly from the CircleCI UI.

March 13, 2024

Fermyon™ Technologies announces Fermyon Platform for Kubernetes, a WebAssembly platform for Kubernetes.

March 13, 2024

Akuity announced a new offer targeted at Enterprises and businesses where security and compliance are key.

March 13, 2024

New Relic launched new capabilities for New Relic IAST (Interactive Application Security Testing), including proof-of-exploit reporting for application security testing.

March 12, 2024

OutSystems announced AI Agent Builder, a new solution in the OutSystems Developer Cloud platform that makes it easy for IT leaders to incorporate generative AI (GenAI) powered applications into their digital transformation strategy, as well as govern the use of AI to ensure standardization and security.

March 12, 2024

Mirantis announced significant updates to Lens Desktop that makes working with Kubernetes easier by simplifying operations, improving efficiency, and increasing productivity. Lens 2024 Early Access is now available to Lens users.

March 12, 2024

Codezero announced a $3.5 million seed-funding round led by Ballistic Ventures, the venture capital firm dedicated exclusively to funding entrepreneurs and innovations in cybersecurity.

March 11, 2024

Prismatic launched a code-native integration building experience.

March 07, 2024

Check Point® Software Technologies Ltd. announced its Check Point Infinity Platform has been ranked as the #1 Zero Trust Platform in the latest Miercom Zero Trust Platform Assessment.

March 07, 2024

Tricentis announced the launch and availability of SAP Test Automation by Tricentis as an SAP Solution Extension.

March 07, 2024

Netlify announced the general availability of the AI-enabled deploy assist.

March 07, 2024

DataStax announced a new integration with Airbyte that simplifies the process of building production-ready GenAI applications with structured and unstructured data.