credential-leaks
Safeguard articles tagged "credential-leaks" — guides, analysis, and best practices for software supply chain and application security.
5 articles
How to Scan Large GitHub Orgs for Exposed Secrets Responsibly
28.65 million new secrets landed on public GitHub in 2025 alone. Here's a research methodology for finding them at scale without becoming the next incident.
Secrets detection to prevent data breaches
GitGuardian found 12.8 million new secrets exposed on public GitHub in 2023, up 28% year over year — and most of them stayed live for days after leaking.
Best Secrets Scanning Tools in 2026: An Honest Buyer's Guide
An honest, engineer-first guide to the best secrets scanning tools in 2026 — Gitleaks, TruffleHog, detect-secrets, GitGuardian, Kingfisher, and where a supply chain platform fits — with a clear 'best for' line for each.
Hardcoded Secrets in Source Code: Detection and Remediation
Hardcoded secrets in source code caused breaches at Toyota, Uber, and Samsung. Here's why developers keep doing it, how attackers exploit it, and how to fix it.
Secrets Management: Preventing Credential Leaks in Your Software Supply Chain
Hardcoded credentials remain the most common source of breaches. Despite a decade of tooling improvements, secrets keep leaking through source code, container images, CI logs, and dependency configurations. Here is how to actually fix it.