In this tutorial, we look at how to prevent secrets such as API keys and other credentials from being merged into git repositories by installing a GitHub Actions workflow with GGShield (GitGuardian Shield), which automatically scans commits and pull requests for sensitive information.
Links
GGShield - https://s.gitguardian.com/ex1
GitGuardian - https://s.gitguardian.com/62y
Who is Mackenzie Jackson?
Mackenzie is a developer advocate with a passion for DevOps and code security. As the co-founder and former CTO of a health tech startup, he learnt first-hand how critical it is to build secure applications with robust developer operations.
Today, as the Developer Advocate at GitGuardian, Mackenzie is able to share his passion for code security with developers and works closely with research teams to show how malicious actors discover and exploit vulnerabilities in code.
What is GitGuardian?
GitGuardian is the code security platform for the DevOps generation. With automated secrets detection and remediation, our platform enables Dev, Sec, and Ops to advance together towards the Secure Software Development Lifecycle.
0:00 - Intro
0:21 - Tools
0:33 - Setting up GitHub Actions
2:00 - Editing our main.yml file
4:01 - Getting GGShield API key
5:00 - Adding a secret into GitHub Actions
7:00 - Testing GGShield in GitHub Actions
8:15 - Results