ServiceNow introduced a new no‑code development studio and new automation capabilities to accelerate and scale digital transformation across the enterprise.
GitGuardian unveiled HasMySecretLeaked, a free toolset to help security engineers proactively verify if their organization’s secrets have leaked on GitHub.com.
HasMySecretLeaked is a private database with over 20 million records of hashed secrets leaked in public sources, including GitHub.com. Users can query the database by submitting a hashed version of their secret in the search console, and GitGuardian will look for their perfect matches–without revealing any other secrets or their locations.
“Knowing whether your ‘vaulted’ secrets have leaked publicly is just one API call away. We built a privacy-safe and secure process that returns an unequivocal answer to the crucial question: Has my secret leaked?” said Eric Fourrier, co-founder and CEO of GitGuardian.
GitGuardian users can also harness HasMySecretLeaked directly from the command-line interface ggshield. In addition, ggshield includes plug-ins for pulling secrets from popular tools like HashiCorp Vault and AWS Secrets Manager and staging them in local environments before leak inspection.
The capability is also already integrated into the GitGuardian Platform. It will notify security teams if their hardcoded secrets, found in organization-owned repositories, Slack workspaces, or Jira projects, are unintentionally leaked to public sources the organization cannot control or see.
“It’s more than just visibility. Undetected public exposure makes all the difference between a simple alert and a critical incident. It’s the context security teams badly need to prioritize remediation,” said Edouard Viot, Vice President of Product at GitGuardian.
GitGuardian scans every public commit on GitHub for leaks, spanning API keys, database assignments, and developer secrets. In 2020, it uncovered 3 million exposed secrets, surging to 6 million in 2021 and an astounding 10 million in 2022.
GitGuardian also understands the importance of protecting secrets from unwanted exposure and has designed HasMySecretLeaked in a way that does not read or access users’ secrets.
“We’re leveraging concepts such as k-anonymity and zero-knowledge, making it impossible for us or anyone else to see or reconstruct the secrets, all while determining whether they have leaked in public sources,” said Eric Fourrier.
Industry News
Security Innovation has added new skills assessments to its Base Camp training platform for software security training.
CAST introduced CAST Highlight Extensions Marketplace — an integrated marketplace for the software intelligence product where users can effortlessly browse and download a diverse range of extensions and plugins.
Red Hat and Elastic announced an expanded collaboration to deliver next-generation search experiences supporting retrieval augmented generation (RAG) patterns using Elasticsearch as a preferred vector database solution integrated on Red Hat OpenShift AI.
Traceable AI announced an Early Access Program for its new Generative AI API Security capabilities.
StackHawk announced a new integration with Microsoft Defender for Cloud to help organizations build software more securely.
MacStadium announced that it has obtained Cloud Security Alliance (CSA) Security, Trust & Assurance Registry (STAR) Level 1, meaning that MacStadium has publicly documented its compliance with CSA’s Cloud Controls Matrix (CCM), and that it joined the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment.
The Cloud Native Computing Foundation® (CNCF®) released the two-day schedule for CloudNativeSecurityCon North America 2024 happening in Seattle, Washington from June 26-27, 2024.
Sumo Logic announced new AI and security analytics capabilities that allow security and development teams to align around a single source of truth and collect and act on data insights more quickly.
Red Hat is announcing an optional additional 12-month EUS term for OpenShift 4.14 and subsequent even-numbered Red Hat OpenShift releases in the 4.x series.
HAProxy Technologies announced the launch of HAProxy Enterprise 2.9.
ArmorCode announced the general availability of AI Correlation in the ArmorCode ASPM Platform.
Octopus Deploy launched new features to help simplify Kubernetes CD at scale for enterprises.
Cequence announced multiple ML-powered advancements to its Unified API Protection (UAP) platform.
Oracle announced plans for Oracle Code Assist, an AI code companion, to help developers boost velocity and enhance code consistency.