GitGuardian invests in developer experience for large-scale enterprise deployments
PARIS, June 21, 2022 (GLOBE NEWSWIRE) — GitGuardian, the enterprise-ready secrets detection and remediation platform, announces a series of new features to improve the developer experience in securing the software development lifecycle.
To reduce the risk of secrets being exposed in the software development lifecycle, GitGuardian is betting on what it has defined as the shared responsibility model for application security. The company helps security teams partner with development teams to fix swaths of existing vulnerabilities and prevent new ones in the future. By providing a great developer experience, GitGuardian turns the problem of secret proliferation into an opportunity to break down organizational silos and infuse security into the software development lifecycle.
“As development teams take more ownership of day-to-day application security issues, the security team must move away from tactics and seize the opportunity to play a more strategic role in product security.” Forrester, The State of Application Security, 2022
In addition to an integrated platform, GitGuardian comes with ggshield – an open-source command-line interface (CLI) designed for developers. Widely adopted by developer communities, ggshield helps thousands of DevOps developers and engineers keep secrets out of source code. It is the most effective solution to date to prevent secrets from leaving developer workstations and being exposed, saving security teams hours of investigation, correction and costly paperwork.
To help large organizations deploy secret detection and remediation across perimeters spanning thousands of developers, GitGuardian introduces:
- A new developer onboarding experience with an automated API key provisioning mechanism as well as a browser-based authentication flow for ggshield (GitGuardian CLI) – removing all barriers to enterprise adoption.
- Deeper integration with GitHub, to reveal the results of its security scans in the context of pull requests and provide developers with custom remediation guidelines.
- Easier configuration of ggshield (GitGuardian CLI) for pre-receive hooks to implement preventative secret scanning (aka push protection) on self-hosted GitHub Enterprise and GitLab instances. This allows Version Control Systems administrators to deploy blocking checks for all incoming code contributions with a single configuration.
- An improved RBAC system, supporting the creation of teams within the GitGuardian workspace to mirror security and engineering organizations. Each team will have a scope with its sources (e.g., GitHub, GitLab, or Bitbucket organizations or repositories) with team members having different levels of incident permissions, depending on their role in the organization.
Bad secrets management practices, and hard-coded credentials in particular, are pervasive in the DevOps and cloud-native era. GitGuardian research published in March of this year, The State of Secrets Sprawl 2022, shows that there are more hard-coded secrets than application security teams can manage. The data reveals that, on average, in 2021, a typical company of 400 developers would discover 1,050 unique hard-coded secrets when analyzing their entire codebase. With each secret having 13 different occurrences, the effort required for remediation exceeds the resources available within security teams (1 AppSec engineer for every 100 developers) [1], hence the need for a shared responsibility model involving developers.
Additionally, when comparing public company codebases to private ones, GitGuardian found that the latter were four times more likely to leak a secret. The company concludes that, as it stands, private repositories instill a false sense of security and are a ticking bomb ready to go off at any moment. Further analysis by GitGuardian of the recent wave of source code leaks from companies like Twitch, Samsung, Nvidia, and Microsoft confirms this.
To learn more about GitGuardian Internal Monitoring, the enterprise-ready secrets detection and remediation platform, please visit the official site.
GitGuardian is a global cybersecurity startup specializing in code security solutions for the DevOps generation. A market leader in secret detection and remediation, its solutions are already used by thousands of developers across all industries.
[1] From TAG Cyber
Copyright 2022 GlobeNewswire, Inc.