PARIS, Oct. 18, 2022 — GitGuardian,
the enterprise-ready automated secrets detection and remediation
platform, is expanding its capabilities to new security verticals.
GitGuardian is now building a comprehensive platform to help development
and security teams write, maintain, and run secure code anywhere.
The everything-as-code movement GitGuardian is securing has taken multiple
domains by storm and elevated code to the ranks of the most valuable
assets an organization can own. Yet code is often overlooked in
organizations' inventories, and security teams have only just awakened to
the need to secure, protect, and continuously monitor the software
development lifecycle (SDLC) for risks like tampering, code leakage,
hardcoded credentials, and more.
GitGuardian's product suite already provides such capabilities, but the company is now looking to consolidate everything into a single platform:
- Secrets detection and remediation: GitGuardian helps security and development teams reduce the risks of secrets exposure in the software development lifecycle.
- Public GitHub monitoring: GitGuardian helps organizations secure their extended attack surface by monitoring GitHub for leaked secrets and sensitive data.
- Source code leakage detection: GitGuardian continuously scans public GitHub to look for proprietary code leaked from private repositories.
- SDLC intrusion detection: GitGuardian enables security teams to deploy canary tokens at scale in their DevOps environments and lure attackers into revealing themselves.
This
movement has also blurred the boundaries between Application Security
and Cloud Security. With Infrastructure-as-Code (IaC), both the
application and cloud infrastructure layers have collapsed onto one
another in git-based Version Control Systems.
While
software-defined infrastructure has unlocked automated cloud resource
deployment with more speed and consistency for engineering teams, it is
still fraught with risks. Gartner expects that through 2023, at least
99% of cloud security failures will be the user's fault, mainly
misconfigurations. Such errors propagate from code to cloud-native
environments, exposing critical workloads and resources on the way.
To help Cloud Security teams protect their organization's infrastructure at the source, GitGuardian is adding Infrastructure-as-Code scanning for security
misconfigurations to its platform. And in the spirit of Shift Left
security, the company is enabling this through its popular open-source
command-line interface (CLI) for developers, ggshield.
“With this initial release, developers and Site Reliability Engineers will be
able to find and fix over 60 types of security misconfigurations in
Terraform files — while they develop,” says Eric Fourrier, GitGuardian
co-founder and CTO.
GitGuardian’s initial focus in Infrastructure-as-Code security
is Terraform and AWS. Still, it plans to enrich its
Infrastructure-as-Code policies directory, support additional cloud
service providers like Azure and Google Cloud Platform, and integrate
scanning natively in developer workflows on GitHub, GitLab, or
Bitbucket.
In its ongoing efforts to build a code security platform for the DevOps generation, GitGuardian is also actively exploring opportunities in areas such as Static Application Security Testing (SAST) and Software Composition Analysis (SCA).
About GitGuardian
GitGuardian,
founded in 2017 by Jérémy Thomas and Eric Fourrier, has rapidly emerged
as the leader in automated secrets detection and is now focused on
providing a comprehensive code security platform. The company has raised
a total of $56M from Eurazeo, Sapphire, Balderton, and notable
tech entrepreneurs such as Scott Chacon, co-founder of GitHub, and Solomon
Hykes, co-founder of Docker.
GitGuardian Internal Monitoring
helps organizations detect and fix vulnerabilities in source code at
every step of the software development lifecycle. With GitGuardian’s
policy engine, security teams can monitor and enforce rules across their
VCS, DevOps tools, and infrastructure-as-code configurations.
Widely
adopted by developer communities, GitGuardian is used by over 200,000 developers and is the #1 app in the security category on the
GitHub Marketplace. GitGuardian is also trusted by leading companies,
including Instacart, Genesys, Orange, Iress, Beyond Identity, NOW:
Pensions, and Stedi.
GitGuardian Internal Monitoring is an automated secrets detection and remediation platform. By reducing the risks of secrets exposure across the SDLC, GitGuardian helps software-driven organizations strengthen their security posture and comply with frameworks and standards.
Its detection engine is
trained against over a billion public GitHub commits yearly. It covers
350+ types of secrets, such as API keys, database connection strings,
private keys, certificates, and more.
GitGuardian brings security and development teams together with automated remediation playbooks and collaboration features to resolve incidents quickly and thoroughly. Organizations can achieve higher incident closing rates and shorter fix times by pulling developers closer to the remediation process. Please visit the official website to learn more about GitGuardian Internal Monitoring, the enterprise-ready automated secrets detection and remediation platform.