Safeguard
Tag

git

Safeguard articles tagged "git" — guides, analysis, and best practices for software supply chain and application security.

12 articles

Security Guides

Detecting Hardcoded Secrets in Code (2026 Guide)

Nearly 24 million secrets leaked to public GitHub in 2024 alone. This guide covers how hardcoded secrets get in, how detection actually works, and how to catch them pre-commit with real commands.

Jul 6, 20266 min read
Tutorials

How to Scan for Secrets in a Git Repository

Find hardcoded API keys, tokens, and credentials in your working tree and full Git history, stop new leaks at commit time, and remediate a secret that has already been pushed.

Jul 4, 20266 min read
Vendor Comparison

GitGuardian vs TruffleHog: choosing a secrets detection tool in 2026

How GitGuardian and TruffleHog compare on detection accuracy, false positive handling, remediation workflow, and enterprise rollout for secrets scanning programs.

May 12, 20267 min read
Vulnerability Analysis

CVE-2024-32002 Git RCE on Clone: Walkthrough

CVE-2024-32002 is a Git submodule RCE triggered by a recursive clone on case-insensitive filesystems. Root cause, exploit, and remediation.

Mar 6, 20269 min read
DevSecOps

Git Hooks as Supply Chain Controls in 2026

Server-side and client-side git hooks are an underused control surface for supply chain risk. Here is what to enforce, where to enforce it, and what to leave alone.

Jan 22, 20266 min read
DevSecOps

Pre-commit Hook Security Gotchas You'll Hit

Pre-commit hooks feel like a free security win until you ship them at scale. Here are the failure modes, trust boundaries, and escape hatches that bite.

Jan 20, 20266 min read
DevSecOps

Pre-Commit Hooks Security Recipes for 2026

Practical pre-commit framework recipes that catch secrets, malicious packages, and risky changes before they reach your remote, without slowing developers down.

Jan 14, 20266 min read
Vulnerability Analysis

Git Argument Injection via Crafted SSH URL (CVE-2017-1000...

CVE-2017-1000117 let a malicious repo run code on anyone who cloned it via a crafted ssh:// URL. Impact, affected Git versions, CVSS, and fixes.

Nov 28, 20258 min read
Vulnerability Analysis

Git Remote Code Execution via Malicious .gitmodules Submo...

CVE-2018-11235 let a malicious .gitmodules file hijack Git submodule checkout, executing arbitrary code via post-checkout hooks on clone.

Nov 28, 20257 min read
Frameworks

gittuf Reaches OpenSSF Incubating: A Forge-Independent Git Security Layer

gittuf was promoted from OpenSSF Sandbox to Incubating in June 2025. We unpack the Reference State Log, policy model, and why it matters for SLSA Source L3.

Jul 8, 20256 min read
Dev Practices

Applying Git Patches Safely

Knowing how to apply a patch in git without breaking your working tree takes more than running git apply once and hoping for the best.

May 6, 20256 min read
DevSecOps

Git Credential Security for Organizations: Locking Down Source Access

Git credentials are the keys to your source code. Here is how organizations should manage them to prevent unauthorized access and credential theft.

Mar 8, 20234 min read
git — Safeguard Blog