Sold by: GitGuardian
Deployed on AWS
Vendor Insights
The end-to-end secrets security platform for enterprises. Scan and fix hardcoded secrets in source code, CI/CD pipelines, and productivity tools with GitGuardian code security platform.
4.8
Overview
GitGuardian is an end-to-end secrets security platform that empowers software-driven organizations to enhance their Non-Human Identity (NHI) security and comply with industry standards.
With attackers increasingly targeting NHIs, such as service accounts and applications, GitGuardian integrates Secrets Security and Secrets Observability. This dual approach enables the detection of compromised secrets across your dev environments while also managing legitimate secrets and their lifecycle.
The platform supports over 450+ types of secrets, offers public monitoring for leaked data, and deploys honeytokens for added defense
Trusted by over 600,000 developers, GitGuardian is the choice of leading organizations like Snowflake, ING, BASF, and Bouygues Telecom for robust secrets protection.
Highlights
- With Secrets Security, GitGuardian aims to eliminate leaks and sprawl, detecting compromised or misused secrets across both public and internal environments. This foundation of NHI security is strengthened by monitoring for incidents, policy violations, and illegitimate use of secrets.
- GitGuardian's Secrets Detection tackles internal secrets sprawl by identifying sensitive data in source code and productivity tools. The platform supports over 450 types of secrets, including API keys, private keys, and database credentials. With a robust policy engine, security teams can enforce rules across major Version Control Systems ( like GitHub, GitLab, BitBucket, and Azure DevOps, CI/CD tools such as Jenkins, Travis CI as well as tools like Slack, Jira, container registries, and more.
- To expand visibility beyond internal systems, GitGuardian Public Monitoring scans public GitHub repositories, detecting sensitive information in both organizational and developers' personal repos. This is crucial, as 80% of corporate secrets leaked on public GitHub stem from personal accounts.
Details
Sold by
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.
Security credentials achieved
(2)
SOC2
GDPR
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
25 developers | Business Plan, per 25 contributing developers (annual contract) | $5,500.00 |
Vendor refund policy
Please contact sales@gitguardian.com to learn more about GitGuardian's refund policy.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
Explore our guides to use the GitGuardian Platform https://docs.gitguardian.com or submit a support request at
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By GitGuardian
By CyberArk
By Doppler
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Secrets Detection and Classification
Supports detection of over 450 types of secrets including API keys, private keys, and database credentials across source code and productivity tools
Multi-Platform Integration
Integrates with major Version Control Systems (GitHub, GitLab, BitBucket, Azure DevOps), CI/CD tools (Jenkins, Travis CI), and productivity platforms (Slack, Jira, container registries)
Public Repository Monitoring
Scans public GitHub repositories to detect sensitive information in both organizational and personal developer accounts
Policy Engine and Enforcement
Includes a robust policy engine that enables security teams to enforce rules and manage secrets lifecycle across integrated platforms
Honeytokens and Incident Detection
Deploys honeytokens for defense and monitors for incidents, policy violations, and illegitimate use of secrets in both public and internal environments
Centralized Secrets Management
Centrally secures, rotates, and manages secrets across multi-cloud and hybrid environments with a unified view across multiple AWS accounts and AWS Secrets Manager instances.
Multi-Platform Integration
Offers REST APIs and integrates with a wide range of DevOps tools, container platforms, vulnerability scanners, RPA, and automation tools for credential delivery.
Secrets Rotation and Lifecycle Management
Automatically rotates secrets in AWS Secrets Manager and across enterprise environments without requiring changes to developer workflows or applications.
Audit and Access Control
Provides centralized control and comprehensive auditing of how applications, DevOps tools, and automation platforms authenticate and access sensitive resources including databases and cloud environments.
Enterprise-Scale Architecture
Designed to support massive scalability with data sovereignty requirements for large global enterprises and eliminates vault sprawl across distributed environments.
Secrets Management and Centralization
Centralized platform for managing secrets across projects, teams, and environments to eliminate secrets sprawl
Automated Credential Rotation
Automatic rotation of credentials without downtime to safeguard against data breaches
Multi-Environment Integration
Automatic synchronization and deployment of secrets across environments and infrastructure through expanding suite of integrations
Access Control and Audit Logging
Scalable and flexible access controls with detailed activity logs for real-time access management and compliance
Developer-Centric Tools
VS Code extension for editing secrets alongside code with bidirectional synchronization and Doppler CLI for consuming secrets as environment variables
Validated by AWS Marketplace
FedRAMP
GDPR
HIPAA
ISO/IEC 27001
PCI DSS
SOC 2 Type 2
-
-
-
-
No security profile
No security profile
Standard contract
No
No
Customer reviews
Pedro Márcio A.
Reliable, Trustworthy Help That Makes All the Difference
Reviewed on Feb 11, 2026
Review provided by G2
What do you like best about the product?
Reliable and trustworthy help can make all the difference.
What do you dislike about the product?
Nothing really comes to mind. I couldn’t think of anything to add.
What problems is the product solving and how is that benefiting you?
Sometimes I forget api keys in code and its bad, so GitGuardian helps me.
Peter G.
Saves a Lot of Work When Credentials Are in the Wrong Place
Reviewed on Feb 04, 2026
Review provided by G2
What do you like best about the product?
Saves a lot of work when credentials are in the wrong place
What do you dislike about the product?
When a _Force is activated in a pipeline it gives a warning but does not stop the flow
What problems is the product solving and how is that benefiting you?
Losing credentials
Juan Jose M.
Caught a Real Secret in a Real Project, Fast and Developer-Friendly
Reviewed on Feb 02, 2026
Review provided by G2
What do you like best about the product?
this week it literally saved me from committing a real secret in a small personal Python project. It caught the credential immediately and showed me exactly where it was and how to rotate it. That kind of fast feedback is the main value: it scans commits and PRs in real time, integrates cleanly with GitHub, and gives actionable remediation steps instead of just raising an alarm. It’s very developer-friendly and doesn’t slow down your workflow
What do you dislike about the product?
initial tuning takes some time to reduce false positives and configure ignore rules for non-sensitive test data. Some advanced reporting and bulk management features could be more streamlined in the UI
What problems is the product solving and how is that benefiting you?
It prevents credentials from being exposed in repositories by detecting secrets during development and in existing code. That reduces the risk of security incidents and avoids emergency key rotations. In practice, it saves time, protects personal and production projects, and builds safer habits for developers
vishesh s.
Instant Secret Detection That Scales to Large Repos
Reviewed on Jan 23, 2026
Review provided by G2
What do you like best about the product?
What I like best about GitGuardian is how it automatically detects secrets and sensitive data in code — even in large repositories and alerts you instantly.
What do you dislike about the product?
One thing I dislike about GitGuardian is that it can sometimes generate false positives, which requires manual review and can slow things down slightly
What problems is the product solving and how is that benefiting you?
GitGuardian solves the problem of exposed secrets and sensitive data in source code and version control systems. It continuously scans code repositories, commits, pull requests, and CI/CD pipelines to automatically detect API keys, credentials, tokens, and other secrets that shouldn’t be in code. By alerting developers and security teams instantly, it prevents leaks that could lead to unauthorized access, data breaches, or financial loss.
The benefits I get from this are:
🔒 Better security — I don’t have to worry about secrets accidentally being committed.
⚡ Faster detection — Issues are caught early, before they reach production.
👩💻 Smoother development workflows — Developers can focus on building rather than manually auditing code.
📊 Clear visibility and tracking — I can see where exposures happen and fix them quickly.
The benefits I get from this are:
🔒 Better security — I don’t have to worry about secrets accidentally being committed.
⚡ Faster detection — Issues are caught early, before they reach production.
👩💻 Smoother development workflows — Developers can focus on building rather than manually auditing code.
📊 Clear visibility and tracking — I can see where exposures happen and fix them quickly.
Paolo P.
Excellent Protection Against Accidental Data Leaks
Reviewed on Jan 12, 2026
Review provided by G2
What do you like best about the product?
It protects against distractedly publishing information that passes inspection when AI engines create .gitignore files. It can even find it in a casual comment.
What do you dislike about the product?
Not a major downside, but sometimes it flags test strings, dummy values.
What problems is the product solving and how is that benefiting you?
I use many API values that obviously should not appear in any repo, even private. GitGuardian does a great job at this task.