Monday, October 24, 2022

GitGuardian Extends Code Security Platform, Adding Infrastructure-as-Code Scanning for Security Misconfigurations


PARIS, Oct. 18, 2022 - GitGuardian, the enterprise-ready automated secrets detection and remediation platform, is expanding its capabilities to new security verticals. GitGuardian is now building a comprehensive platform to help development and security teams write, maintain, and run secure code anywhere.

The everything-as-code movement GitGuardian is securing has taken several domains by storm and elevated code to the ranks of the most valuable asset an organization can own. Code is often overlooked in the inventories of organizations, and security teams have only just woken up to the need to secure, protect, and continuously monitor the software development lifecycle (SDLC) for risks like tampering, code leakage, hardcoded credentials, and more.

GitGuardian’s product suite already provides such capabilities, but the company is now looking to consolidate everything into one single platform:

  • Secrets detection and remediation: GitGuardian helps security and development teams reduce the risks of secrets exposure in the software development lifecycle.
  • Public GitHub monitoring: GitGuardian helps organizations secure their extended attack surface by monitoring GitHub for leaked secrets and sensitive data.
  • Source code leakage detection: GitGuardian continuously scans public GitHub to look for proprietary code leaked from private repositories.
  • SDLC intrusion detection: GitGuardian enables security teams to deploy canary tokens at scale in their DevOps environments and lure attackers into revealing themselves.

This movement has also blurred the boundaries between Application Security and Cloud Security. With Infrastructure-as-Code (IaC), both the application and cloud infrastructure layers have collapsed onto one another in git-based Version Control Systems.

While software-defined infrastructure has unlocked automated cloud resource deployment with more speed and consistency for engineering teams, it is still fraught with risks. Gartner expects that through 2023, at least 99% of cloud security failures will be the user’s fault, primarily misconfigurations. Such errors propagate from code to cloud-native environments, exposing critical workloads and resources along the way.

To help Cloud Security teams protect their organization’s infrastructure at the source, GitGuardian is adding Infrastructure-as-Code scanning for security misconfigurations to its platform. And in the spirit of Shift Left security, the company is enabling this through its popular open-source command-line interface (CLI) for developers, ggshield.

“With this initial release, developers and Site Reliability Engineers will be able to find and fix over 60 types of security misconfigurations in Terraform files — while they develop,” says Eric Fourrier, GitGuardian co-founder and CTO.

GitGuardian’s initial focus in Infrastructure-as-Code security is Terraform and AWS. However, it plans to enrich its Infrastructure-as-Code policies list, support additional cloud service providers like Azure and Google Cloud Platform, and integrate scanning natively in developer workflows on GitHub, GitLab, or Bitbucket.

In its ongoing efforts to build a code security platform for the DevOps era, GitGuardian is also actively exploring opportunities in areas such as Static Application Security Testing (SAST) and Software Composition Analysis (SCA).

About GitGuardian

GitGuardian, founded in 2017 by Jérémy Thomas and Eric Fourrier, has rapidly emerged as the leader in automated secrets detection and is now focused on providing a comprehensive code security platform. The company has raised a total of $56M in funding from Eurazeo, Sapphire, Balderton, and notable tech entrepreneurs such as Scott Chacon, co-founder of GitHub, and Solomon Hykes, co-founder of Docker.

GitGuardian Internal Monitoring helps organizations detect and fix vulnerabilities in source code at every step of the software development lifecycle. With GitGuardian’s policy engine, security teams can monitor and enforce rules across their VCS, DevOps tools, and infrastructure-as-code configurations.

Widely adopted by developer communities, GitGuardian is used by over 200,000 developers and is the #1 app in the security category on the GitHub Marketplace. GitGuardian is also trusted by leading companies, including Instacart, Genesys, Orange, Iress, Beyond Identity, NOW: Pensions, and Stedi.

GitGuardian Internal Monitoring is an automated secrets detection and remediation platform. By reducing the risks of secrets exposure across the SDLC, GitGuardian helps software-driven organizations strengthen their security posture and comply with frameworks and standards.

Its detection engine is trained against over a billion public GitHub commits every year. It covers 350+ types of secrets, such as API keys, database connection strings, private keys, certificates, and more.

GitGuardian brings security and development teams together with automated remediation playbooks and collaboration features to resolve incidents quickly and completely. Organizations can achieve higher incident closing rates and shorter fix times by pulling developers closer to the remediation process. Please visit the official website to learn more about GitGuardian Internal Monitoring, the enterprise-ready automated secrets detection and remediation platform.
