Safeguard
Tag

secrets-scanning

Safeguard articles tagged "secrets-scanning" — guides, analysis, and best practices for software supply chain and application security.

21 articles

DevSecOps

Secrets Scanning: Stop Leaking Credentials Before They Ship

A leaked API key in Git history is compromised the moment it is pushed — deleting the commit does not help. Here is how to build secrets scanning across your whole lifecycle, from pre-commit to Git history.

Jul 5, 20267 min read
Buyer's Guides

Best Secrets Scanning Tools in 2026: An Honest Buyer's Guide

An honest, engineer-first guide to the best secrets scanning tools in 2026 — Gitleaks, TruffleHog, detect-secrets, GitGuardian, Kingfisher, and where a supply chain platform fits — with a clear 'best for' line for each.

Jun 9, 20268 min read
DevSecOps

The 4 best DevSecOps tools for a secure DevOps workflow

The 4 DevSecOps tool categories a secure pipeline needs — SCA, SAST, container/IaC scanning, secrets scanning — with real incidents and fixes.

May 18, 20267 min read
Buyer's Guides

Aikido vs GitGuardian: secrets scanning comparison

Searching "Aikido vs GitGuardian"? Here's how Safeguard's secrets detection, validation, and remediation approach actually compares to Aikido Security.

May 5, 20268 min read
DevSecOps

Secrets sprawl

What is secrets sprawl? A plain-English breakdown of how API keys and credentials scatter across codebases, and what to do about it.

Feb 24, 20267 min read
Application Security

How to set up secrets scanning in git repositories

A step-by-step guide to secrets scanning in git repositories using gitleaks and trufflehog, covering pre-commit hooks, CI enforcement, and history audits.

Feb 16, 20267 min read
Regulatory Compliance

Django SECRET_KEY exposure and settings.py secret managem...

A Django SECRET_KEY exposure can silently unravel session security, CSRF protection, and signed tokens. Here's how to find, fix, and prevent it for good.

Jan 28, 20268 min read
Buyer's Guides

Best secrets scanning tools for CI/CD pipelines

A practical, no-hype comparison of secrets scanning tools for CI/CD: what gitleaks, TruffleHog, and GitGuardian catch, and where each one falls short.

Nov 18, 20259 min read
AppSec

Code Scanning Tools: SAST, Secrets, and Linters Compared

SAST tools, secret scanners, and linters all read your source code but catch entirely different classes of problems — here's how to tell them apart and stack them correctly.

Jun 24, 20255 min read
secrets-scanning (Page 2) — Safeguard Blog