GitGuardian Labs projects bring our latest innovations in code security to your fingertips
The adoption of new frameworks and architectures, the rise of the DevOps discipline with automation, infrastructure-as-code, and CI/CD systems, and the over-reliance on open-source and 3rd-party services are all the hallmarks of a new era in software development and delivery.
By now, the benefits are known to everyone in the industry: a faster time-to-market, increased developer productivity (and happiness), and overall more satisfied customers. What is less understood, however, is the reshaping of organizations’ attack surfaces and the creation of new opportunities and avenues for attackers.
GitGuardian Labs' mission is to explore the threats of today and tomorrow in the areas of code and software supply chain security and offer easy-to-use solutions for developers and security professionals alike. We’re constantly exploring new vulnerabilities and adapting ourselves to an ever-changing threat landscape – where the SDLC is becoming the new Eldorado for attackers.
Eric Fourrier
CEO & cofounder at GitGuardian
So far, 5 projects have hatched in the owl’s nest: The Good Samaritan, ggshield, ggcanary, SaaS Sentinel and the latest, Has My Secret Leaked.
Stay tuned for more projects coming!
Securing secrets is hard. API tokens, cloud credentials, and database URLs have a bad habit of getting exposed anywhere and everywhere. And let's not forget those leaks tend to happen when your security teams least expect them, usually during “out of office hours” and in assets you don’t own.
GitGuardian has been actively tackling this problem since 2017, and in 2024 we unveiled HasMySecretLeaked, a free toolset to help security and DevOps teams verify if their organization’s secrets have leaked on public repositories, gists, and issues on GitHub projects.
Since late 2017, we have been watching over more than 40 million developers' shoulders. Whenever they leaked a secret on public GitHub repositories, we made it our duty to notify them in time so they could take action.
In 2022, we found 10 million occurrences of secrets hiding in more than a billion public commits and alerted more than a million developers. See what they have to say about us.
Secrets are found in nearly every place: source code, build logs, infra-as-code, etc. Docker images are no exception: we have scanned more than 2,000 images on Docker Hub and found exposed secrets in about 7% of them! That's when we knew we had to release our Docker image scanning utility to the public.
With ggshield, the GitGuardian CLI, developers and security engineers can now run deep scans on any Docker image's creation process (Dockerfile and build arguments) as well as its layers' filesystem.
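The kind of check described above, reduced to its essentials: scan a Dockerfile and its build arguments for credential-looking values before an image is built. This is an added illustration, not ggshield's own detection engine; the Dockerfile, build arguments and key values are constructed (the AWS-style key id and token are fake), and the detectors are deliberately simple pattern-plus-entropy heuristics, not the validated detectors a production scanner uses.

```python
import math
import re

# Constructed Dockerfile for the demo. Every credential below is fake and was
# written to look like a leak (AWS-style key id, npm-style token, a placeholder).
SAMPLE_DOCKERFILE = """\
FROM python:3.12-slim
ARG NPM_TOKEN=npm_Fake1234567890abcdefghijklmnopqrstuv
ENV AWS_ACCESS_KEY_ID=AKIAFAKEFAKEFAKEFAKE
ENV AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
ENV ADMIN_PASSWORD=changeme
ENV APP_ENV=production
RUN pip install -r requirements.txt
COPY . /app
"""

# Constructed --build-arg values: build arguments end up in image metadata
# and build logs, so they deserve the same scrutiny as the Dockerfile itself.
SAMPLE_BUILD_ARGS = {
    "DB_URL": "postgres://app:s3cr3tP4ss@db.internal:5432/app",
    "GIT_REF": "main",
}

# High-confidence pattern: AWS access key ids have a fixed prefix and length.
AWS_KEY_ID = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
# Generic assignment whose variable name suggests a credential.
KV_ASSIGN = re.compile(
    r"(?i)\b([A-Z0-9_]*(?:secret|token|password|passwd|api_key|access_key)[A-Z0-9_]*)"
    r"\s*=\s*([^\s\"']+)"
)
# Connection URLs that embed a password: scheme://user:password@host
PASSWORD_IN_URL = re.compile(r"\b[a-z][a-z0-9+.-]*://[^:/\s]+:([^@/\s]+)@")


def shannon_entropy(value: str) -> float:
    """Bits per character; placeholders such as 'changeme' score low."""
    counts = {}
    for ch in value:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(value: str) -> str:
    """Never echo a full secret in findings or logs; keep a short prefix only."""
    return value[:4] + "*" * max(len(value) - 4, 0)


def scan_text(text: str, source: str) -> list:
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in AWS_KEY_ID.finditer(line):
            findings.append({"source": source, "line": line_no,
                             "kind": "aws_access_key_id", "value": redact(m.group(0))})
        for m in PASSWORD_IN_URL.finditer(line):
            findings.append({"source": source, "line": line_no,
                             "kind": "password_in_url", "value": redact(m.group(1))})
        for m in KV_ASSIGN.finditer(line):
            name, value = m.group(1), m.group(2)
            # Entropy gate: drop obvious placeholders, keep random-looking values.
            if len(value) >= 8 and shannon_entropy(value) >= 3.0:
                findings.append({"source": source, "line": line_no,
                                 "kind": "credential_assignment", "name": name,
                                 "value": redact(value)})
    return findings


def scan_build(dockerfile: str, build_args: dict) -> list:
    """Scan the Dockerfile plus each build argument as if it were a KEY=VALUE line."""
    findings = scan_text(dockerfile, "Dockerfile")
    for name, value in build_args.items():
        findings += scan_text(f"{name}={value}", f"--build-arg {name}")
    return findings


if __name__ == "__main__":
    for f in scan_build(SAMPLE_DOCKERFILE, SAMPLE_BUILD_ARGS):
        print(f"{f['source']}:{f['line']} {f['kind']} {f.get('name', '')} {f['value']}")
```

On the constructed input this reports four findings: the npm-style token and the AWS secret key (credential assignments with high entropy), the AWS key id (caught by its fixed-format pattern even though its entropy is low), and the password embedded in the DB_URL build argument. `ADMIN_PASSWORD=changeme` is skipped by the entropy gate, which is exactly the kind of trade-off a real scanner replaces with detector-specific validation rather than a single threshold.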
Developer and DevOps environments are becoming attackers' favorite targets: version control systems, CI/CD tools, ticketing, and messaging systems such as Jira or Slack all serve as great entry points for further lateral movement.
With ggcanary, security teams can deploy AWS canary tokens at scale, luring their attackers into revealing themselves and detecting intrusion as soon as it happens.
SaaS Sentinel is looking to help organizations detect intrusion as it unfolds and reduce the Mean-Time-to-Detect.
We have planted GitGuardian honeytokens in a selection of SaaS tools used by developers. If one is unexpectedly triggered, its status is updated and subscribers are alerted by email of a potential incident in progress.
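The detection side of both ggcanary and SaaS Sentinel, as an added example that is not GitGuardian's code: a registry of planted (never valid) AWS-style key ids, a batch of CloudTrail-shaped events, and a triage routine that flips a token's status from armed to triggered and produces the alert a subscriber would receive. The token ids, locations, events and IP addresses are all constructed; the event field names follow the CloudTrail record format, but the records themselves are not real.

```python
import copy
import json

# Constructed registry of planted honeytokens. The key ids are fake and have no
# permissions; their only purpose is to be noticed when someone tries to use them.
PLANTED = {
    "AKIAHONEY0000000JIRA": {"location": "Jira ticket DEV-42 attachment", "status": "armed"},
    "AKIAHONEY000000SLACK": {"location": "Slack #infra pinned message", "status": "armed"},
}

# Constructed CloudTrail-style events (JSON lines). One is a legitimate key,
# one is a planted token being used from an address in the TEST-NET-3 range.
SAMPLE_EVENTS = """\
{"eventTime": "2024-03-02T03:14:07Z", "eventName": "ListBuckets", "eventSource": "s3.amazonaws.com", "sourceIPAddress": "10.0.5.21", "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIALEGIT00000000001"}}
{"eventTime": "2024-03-02T03:15:49Z", "eventName": "GetCallerIdentity", "eventSource": "sts.amazonaws.com", "sourceIPAddress": "203.0.113.7", "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAHONEY0000000JIRA"}}
{"eventTime": "2024-03-02T03:15:52Z", "eventName": "ListBuckets", "eventSource": "s3.amazonaws.com", "sourceIPAddress": "203.0.113.7", "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAHONEY0000000JIRA"}}
"""


def triage(event_lines: str, registry: dict) -> tuple:
    """Match events against planted tokens; return (alerts, updated registry)."""
    registry = copy.deepcopy(registry)  # do not mutate the caller's copy
    alerts = []
    for raw in event_lines.splitlines():
        if not raw.strip():
            continue
        event = json.loads(raw)
        key_id = event.get("userIdentity", {}).get("accessKeyId")
        token = registry.get(key_id)
        if token is None:
            continue  # not one of ours: ordinary traffic
        # Any call at all is an incident: nobody should know this key exists.
        if token["status"] == "armed":
            token["status"] = "triggered"
            token["triggered_at"] = event["eventTime"]
        alerts.append({
            "token": key_id,
            "location": token["location"],
            "event_name": event["eventName"],
            "event_source": event.get("eventSource", ""),
            "source_ip": event.get("sourceIPAddress", ""),
            "time": event["eventTime"],
        })
    return alerts, registry


def format_alert(alert: dict) -> str:
    """Body of the notification a subscriber would receive for one event."""
    return (f"[honeytoken] {alert['token']} planted in '{alert['location']}' was used: "
            f"{alert['event_name']} ({alert['event_source']}) from {alert['source_ip']} "
            f"at {alert['time']}")


if __name__ == "__main__":
    alerts, registry = triage(SAMPLE_EVENTS, PLANTED)
    for a in alerts:
        print(format_alert(a))
    for key_id, token in registry.items():
        print(key_id, token["status"])
```

The value of the location field is the whole point: because each token is planted in exactly one place, a single triggered event tells the responder which SaaS tool or asset was read, which is usually faster than reconstructing that from the attacker's own activity. The legitimate key never matches the registry, so the routine produces no noise for normal traffic.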
Each month more than 10K developers protect their code using GitGuardian and join the community.
@ch4r10t33r
We at @pillarwallet and @etherspot have been using @GitGuardian for quite some time now and really like what they have to offer. I would definitely recommend giving them a try!
@DoveOwuor
@GitGuardian I appreciate your security enhancement on my repositories. This is a greater solution to security and I believe if you try it you will actually be impressed. Gracias
@jdanbanan
Just got an email from @GitGuardian about a repo I accidentally included an RCON password in. Amazing product, scanned my repo and emailed me before I even realized what I did.
@billkavadias
If anyone wants to check their repo for exposed secrets @GitGuardian is amazing Pros: Super easy setup and a fair pricing module for business 💯 Cons: I either need to fix this or take down my personal repo 😅