secret-scanning
Safeguard articles tagged "secret-scanning" — guides, analysis, and best practices for software supply chain and application security.
21 articles
OpenAI API Key Leakage on GitHub at Scale
A senior engineer's view of OpenAI API key leakage on GitHub at scale, why automated secret scanning misses so many, and what actually stops the bleeding.
Best Secret Scanning Tools 2026 Comparison
A senior-engineer view of secret-scanning tools worth running in 2026: what TruffleHog, Gitleaks, GitGuardian, and platform-native scanners actually do well.
What Are Hardcoded Credentials
Hardcoded credentials are secrets baked into code instead of a vault. Toyota, Uber, and Samsung breaches show why that risk never expires on its own.
GitHub Advanced Security 2026: Copilot Autofix Goes GA
GHAS in 2026 made Copilot Autofix generally available, opened secret scanning to Team plans, and shipped extended secret metadata. We walked the upgrade for an org with 800 repos.
Safeguard vs GitHub Advanced Security 2026
A technical comparison of Safeguard and GitHub Advanced Security in 2026 across scanning depth, secret detection, container coverage, and cost.
What is a CI/CD Secrets Leak
A CI/CD secrets leak exposes real credentials through build logs, forks, or compromised Actions. Here's how it happens and how to stop it.
Securing Azure DevOps pipelines against supply chain comp...
Pipelines now hold more privilege than the apps they build. Here's how Azure DevOps pipeline security actually breaks down—and how to close the gaps.
GitGuardian vs TruffleHog: Secret Detection Showdown
Compare GitGuardian and TruffleHog on detector coverage, validation, historical scans, developer workflow, and pricing to pick the right secret scanning tool.
GitHub Advanced Security: CodeQL, Dependabot, and Secret Scanning in Practice
A review of GitHub Advanced Security covering CodeQL SAST, Dependabot SCA, secret scanning, and how the integrated security experience works for development teams.