Home / Companies / GitGuardian / Blog / July 2020

July 2020 Summaries

2 posts from GitGuardian

Filter
Month: Year:
Post Summaries Back to Blog
The article explores the issue of secret sprawl in software development, emphasizing the unintended distribution and exposure of sensitive data such as API keys and credentials across various systems. It highlights the challenges posed by modern applications, which consist of numerous independent services requiring secure connections through secrets. The complexity of managing these secrets often leads to unsafe practices like hardcoding or sharing through unsecured channels, increasing the attack surface and risk of unauthorized access. To mitigate this, the article suggests implementing policies, best practices, secure storage, and automated detection tools like GitGuardian, which offers real-time scanning and alerting to ensure compliance and security. It also touches on the benefits of using advanced secret management systems like HashiCorp Vault for large projects, which provide dynamic secrets and access logs, though noting they require significant resources to set up. For smaller teams, encrypted storage solutions within git may be more feasible, despite their limitations.
Jul 24, 2020 1,291 words in the original blog post.
This glossary provides an engaging explanation of common DevSecOps terms using amusing comics, with definitions for concepts such as CI/CD, data breaches, DevOps, and microservices. CI/CD involves continuous integration and deployment practices in software development, while data breaches refer to unauthorized access or release of information. DevOps merges development and IT operations to enhance the software development life cycle, and microservices architecture allows for independently deployable services. The glossary also covers data loss prevention, secrets management, shift-left testing, social engineering, recall metrics, and zero-day vulnerabilities, offering insights into various cybersecurity practices. The glossary is regularly updated, and contributions of ideas or comics are welcomed via email, illustrating an interactive and community-driven approach to learning about cybersecurity and software development.
Jul 10, 2020 720 words in the original blog post.