GitGuardian Enhances Platform
June 23, 2022

GitGuardian is announcing a series of new features to address developer experience in securing the software development lifecycle.

To reduce the risks of exposure of secrets in the software development lifecycle, GitGuardian is betting on what it has framed as the Application Security Shared Responsibility Model. The company is helping security teams partner with development teams to remediate swaths of existing vulnerabilities and prevent ones in the future. By getting the developer experience right, GitGuardian is turning the problem of secrets sprawl into an opportunity to break down organizational silos and infuse security in the software development lifecycle.

On top of an integrated platform, GitGuardian comes with ggshield – an open-source command-line interface (CLI) built for developers. Widely adopted by developer communities, ggshield helps thousands of developers and DevOps engineers keep secrets out of source code. To date, it is the most effective solution for preventing secrets from leaving developers’ workstations and getting exposed – saving security teams hours on investigation, remediation, and expensive paperwork.

To help large organizations deploy secrets detection and remediation on perimeters consisting of thousands of developers, GitGuardian is introducing:

- A new developer onboarding experience with an automated API key provisioning mechanism alongside a browser-based authentication flow for ggshield (GitGuardian CLI) – removing all barriers to enterprise adoption.

- Deeper integration with GitHub, to reveal the results of its security scans in the context of pull requests and provide developers with custom remediation guidelines.

- An easier configuration of ggshield (GitGuardian CLI) for pre-receive hooks to implement preventive secrets scanning (a.k.a. push protection) on GitHub Enterprise and GitLab self-hosted instances. This enables Version Control Systems administrators to deploy blocking checks for all incoming code contributions with a single setup.

- An improved RBAC system, supporting the creation of teams within the GitGuardian workspace to reflect security and engineering organizations. Each team will have a perimeter with its sources (e.g. GitHub, GitLab, or Bitbucket organizations or repositories) with team members having different levels of permission on incidents, according to their role in the organization.

Poor secret management practices and hardcoded credentials, in particular, are pervasive in the DevOps and cloud-native era. With each secret having 13 different occurrences, the effort required for remediation exceeds available resources within security teams (1 AppSec engineer for 100 developers)1 hence the need for a shared responsibility model involving developers.

In addition, when comparing public corporate codebases to private ones, GitGuardian found the latter to be four times more likely to expose a secret. The company concludes that, in the current state, private repositories permeate a false sense of security and are a (ticking) time bomb waiting to go off at any moment. Additional analysis by GitGuardian of the recent wave of source code leaks from companies like Twitch, Samsung and Nvidia, and Microsoft confirms this.

Share this

Industry News

June 29, 2022

Progress announced the latest release of Progress Flowmon.

June 29, 2022

CodeSee announced the launch of Open Source Hub (OSH).

June 29, 2022

Ambassador Labs announced the newest release of Ambassador Edge Stack, an integrated edge solution that empowers developer teams to quickly configure the edge services required to build, deliver, and scale applications for Kubernetes.

June 29, 2022

Ondat released into general availability version 2.8 of its Ondat platform for stateful workloads in Kubernetes.

June 28, 2022

Hewlett Packard Enterprise (HPE) unveiled platform enhancements and new cloud services for HPE GreenLake, the company’s flagship offering that enables organizations to modernize all their applications and data.

June 28, 2022

Sysdig announced Drift Control to prevent container attacks at runtime. Teams can detect, prevent, and speed incident response for containers that were modified in production, also known as container drift.

June 28, 2022

ShiftLeft announced an investment from and go-to-market partnership with Wipro Ventures.

June 27, 2022

Delinea announced the latest release of DevOps Secrets Vault.

June 27, 2022

Jit announced a $38.5 million seed funding round and launched a free beta version which automates product security.

June 27, 2022

Platform.sh raised $140 million in Series D funding.

June 23, 2022

Akana by Perforce now offers BlazeMeter to customers, previously a solution with Broadcom Layer7.

June 23, 2022

Coder announced the release of a new open source project that gives developers and data scientists a consistent, secure, yet flexible way to create cloud workspaces in minutes.

June 23, 2022

GitGuardian is announcing a series of new features to address developer experience in securing the software development lifecycle.

June 22, 2022

OctoML released a major platform expansion to accelerate the development of AI-powered applications by eliminating bottlenecks in machine learning deployment.

June 22, 2022

Snow Software announced new functionality and integrations for Snow Atlas, a purpose-built platform that provides a framework to accelerate data-driven technology decision-making.