secrets-scanning
Safeguard articles tagged "secrets-scanning" — guides, analysis, and best practices for software supply chain and application security.
21 articles
Where Security Gates Belong in Your CI/CD Pipeline
23.8 million secrets leaked on public GitHub in 2024 alone. The fix isn't more scanners — it's putting the right gate at the right stage and tuning out the noise.
A reference architecture for automating security gates in CI/CD
29M hardcoded secrets leaked in 2025 alone. Here's a gate architecture — SAST, SCA, secrets, IaC — that catches that without adding a day to your release cycle.
Auditing AI agent skill registries for hardcoded keys
29M new hardcoded secrets hit public GitHub in 2025, up 34% YoY — and 3% of MCP servers in production carry hardcoded credentials as theft traps.
The Security Pitfalls Hiding in AI-Generated Code
A 2021 NYU study found roughly 40% of Copilot completions on security-relevant prompts contained exploitable flaws. Here's a field guide to catching them.
Data loss prevention for developers: stopping leaks before they hit the network
CWE-532 covers secrets logged in plaintext — the exact bug that led Twitter to reset every password on May 3, 2018. Network DLP can't catch it; your code has to.
The Hidden Risks of AI Coding Assistants
A 2021 NYU study found 40% of Copilot-generated code contained exploitable bugs — and that's before counting leaked secrets or hallucinated packages.
How to Scan Large GitHub Orgs for Exposed Secrets Responsibly
28.65 million new secrets landed on public GitHub in 2025 alone. Here's a research methodology for finding them at scale without becoming the next incident.
The complete workflow for finding and remediating hardcoded secrets in GitHub
GitGuardian found 12.8 million secrets leaked on public GitHub in 2023 alone, and over 90% were still valid five days later. Here's the fix workflow that actually closes the gap.
Secure AI-Assisted Development: A Best-Practices Guide
Samsung banned ChatGPT company-wide in May 2023 after engineers pasted proprietary source code into it three times in 20 days. Here's how to adopt AI coding assistants without repeating that mistake.
Security Practices for GitHub Copilot and AI Coding Assistants
Copilot suggested 2,702 hardcoded secrets from just 900 prompts in one study, and at least 200 were live credentials — adoption without policy is a leak waiting to happen.
Detecting Hardcoded Secrets in Code (2026 Guide)
Nearly 24 million secrets leaked to public GitHub in 2024 alone. This guide covers how hardcoded secrets get in, how detection actually works, and how to catch them pre-commit with real commands.
Pre-Commit Security Hooks: Catch Problems Before They're Committed
The cheapest place to catch a security issue is before the commit exists. Here is how to set up pre-commit security hooks that give developers instant feedback without slowing them down.