git
Safeguard articles tagged "git" — guides, analysis, and best practices for software supply chain and application security.
12 articles
Detecting Hardcoded Secrets in Code (2026 Guide)
Nearly 24 million secrets leaked to public GitHub in 2024 alone. This guide covers how hardcoded secrets get in, how detection actually works, and how to catch them pre-commit with real commands.
How to Scan for Secrets in a Git Repository
Find hardcoded API keys, tokens, and credentials in your working tree and full Git history, stop new leaks at commit time, and remediate a secret that has already been pushed.
GitGuardian vs TruffleHog: choosing a secrets detection tool in 2026
How GitGuardian and TruffleHog compare on detection accuracy, false positive handling, remediation workflow, and enterprise rollout for secrets scanning programs.
CVE-2024-32002 Git RCE on Clone: Walkthrough
CVE-2024-32002 is a Git submodule RCE triggered by a recursive clone on case-insensitive filesystems. Root cause, exploit, and remediation.
Git Hooks as Supply Chain Controls in 2026
Server-side and client-side git hooks are an underused control surface for supply chain risk. Here is what to enforce, where to enforce it, and what to leave alone.
Pre-commit Hook Security Gotchas You'll Hit
Pre-commit hooks feel like a free security win until you ship them at scale. Here are the failure modes, trust boundaries, and escape hatches that bite.
Pre-Commit Hooks Security Recipes for 2026
Practical pre-commit framework recipes that catch secrets, malicious packages, and risky changes before they reach your remote, without slowing developers down.
Git Argument Injection via Crafted SSH URL (CVE-2017-1000...
CVE-2017-1000117 let a malicious repo run code on anyone who cloned it via a crafted ssh:// URL. Impact, affected Git versions, CVSS, and fixes.
Git Remote Code Execution via Malicious .gitmodules Submo...
CVE-2018-11235 let a malicious .gitmodules file hijack Git submodule checkout, executing arbitrary code via post-checkout hooks on clone.
gittuf Reaches OpenSSF Incubating: A Forge-Independent Git Security Layer
gittuf was promoted from OpenSSF Sandbox to Incubating in June 2025. We unpack the Reference State Log, policy model, and why it matters for SLSA Source L3.
Applying Git Patches Safely
Knowing how to apply a patch in git without breaking your working tree takes more than running git apply once and hoping for the best.
Git Credential Security for Organizations: Locking Down Source Access
Git credentials are the keys to your source code. Here is how organizations should manage them to prevent unauthorized access and credential theft.