I use GitGuardian Platform to ensure that there are no secrets committed, such as hardcoded values, database credentials, API keys, or any secrets that could be exposed to external users of our application. To maintain security and data accuracy, confidential data should not be shared with other platforms. GitGuardian Platform checks our local code first, then it passes through our CI/CD pipeline as well. When we push code to GitHub, it scans and sends a report via Gmail, so we have to fix those security vulnerabilities.

The best features of GitGuardian Platform are that it detects everything being pushed through the repository and scans everything comprehensively. It checks the possibility of exposure, so if there are API keys or database passwords being used, it warns us to either remove, rotate, or replace them, ensuring they should not be present in a GitGuardian Platform scan.

Our company has seen many benefits from using GitGuardian Platform, especially since there have been numerous cyber attacks and security threats in the last two to three years. Our company has remained very safe in this regard because we need to secure our data effectively, being in the insurance reinsurance sector. GitGuardian Platform ensures our data is protected by regularly scanning the repositories and sending us reports on how to fix vulnerabilities, keeping us safe from cyber attacks.

GitGuardian Platform could improve by providing a more user-friendly UI with tips or solutions. With AI advancements, they could offer AI-specific solutions in scanning reports, suggesting fixes for GitGuardian Platform incidents, and even permit automated fixes, which would significantly reduce the developer's workload.

I have been using GitGuardian Platform for the last one year.

Stability and availability of GitGuardian Platform are commendable; it is stable and available.

It is stable because when I push changes, it scans immediately, confirming fixes. There is no downtime during scanning, maintaining stability and availability.

I find support good since we have not needed much help from them. The guidelines provided are sufficient for guiding us on what to fix.

There are many tools in our organization for similar purposes, but GitGuardian Platform is specifically for exposing secrets. We also use Snyk for vulnerability scanning, among others, though I cannot recall all of them.

The decision was made by my organization, not me, so I am not sure about the parameters they considered before choosing GitGuardian Platform.

GitGuardian Platform prioritizes incidents in our workflow through automated validity checks. There are high risk, low risk, and medium risk incidents raised, and the infosec team prioritizes them and approaches us, the developers who pushed those changes, to fix them accordingly.

GitGuardian Platform's public leakage detection influences our company's data security as a precaution. We are not sure if data might be exposed, but taking this precaution by scanning the repositories is crucial. A cyber attacker just needs one piece of data, so we ensure at least that one thing is secured. It is about cyber attack prevention, ensuring all our data remains safe.

It rates the effectiveness of severity in incident management based on the severity of the change. This allows us to address the most important ones first. It checks what has been pushed from the code, raising a high-level vulnerability if database-related passwords are involved and reports it urgently. For low-level issues like hardcoded values for APIs, it is reported accordingly based on priority.

I use GitGuardian Platform's automated playbooks for scanning. Productivity-wise, these playbooks help me know if I am going to push code with secrets. I am aware now, so I intentionally avoid that, ensuring I write good code. It increases my productivity by helping me fix issues proactively. If GitGuardian Platform were not here and vulnerabilities were discovered later, there could be severe consequences. Currently, that impact has been reduced, minimizing our efforts significantly through early precautions.

Our organization is currently innovating on the AI side, which includes creating a custom agent to fix vulnerabilities, similar to GitHub Copilot. This agent automates changes required based on GitGuardian Platform scanning, closing incidents directly. This support reduces our efforts and timelines.

Fixing vulnerabilities now takes approximately 60% less time. If fixing took ten days, I now do it in six. I am not sure about multi-vault integration because I am just a developer using it to fix my code changes. I am not sure if I am using GitGuardian Platform's Honey Tokens feature. I would rate this product an 8.5 overall.

As a SOC analyst, my main use case for GitGuardian Platform is to detect the exposure of secrets such as API keys, tokens, and passwords. It integrates with GitLab and Slack, allowing me to receive immediate alerts in Slack whenever a secret leaks in a commit. This helps me investigate incidents from the GitGuardian Platform dashboard efficiently.

From a SOC perspective, it aids in quickly identifying risk exposures and coordinating with developers for remediation. This is the primary use case.

In one scenario, a developer accidentally committed an API key into a GitHub repository, and within less than a minute, I received an alert in Slack from GitGuardian Platform. I quickly checked the alert, confirmed it was a valid key, informed the developer, and revoked and rotated the key immediately. If this was not detected quickly, that key could have been misused or exposed to the public, potentially allowing worldwide attackers or hackers to exploit it. This real-time detection has helped me significantly and has reduced the risk efficiently.

In another case, an API key was accidentally pushed into a GitHub commit, and GitGuardian Platform detected it within seconds. I immediately revoked the key before any misuse occurred. Without this tool, it could have gone unnoticed. GitGuardian Platform's primary use case for my organization is to detect API keys and manage modifications mainly for this purpose.

The best features GitGuardian Platform offers include wide detection coverage with an accuracy of 100 percent. In very few cases, it results in false positives. It also has a clean dashboard for incident tracking, which are the most valuable features.

Regarding the detection coverage and dashboard features, I find that its most valuable aspect is the detection coverage and real-time alerting capability. GitGuardian Platform can detect a wide range of secrets, including API keys, tokens, passwords, and cloud-related credentials across repositories. The coverage is strong because it supports various types of secrets, not just basic ones. What I find really useful is how fast it detects issues, usually within seconds after a commit, providing real-time alerts. This makes a significant difference in reducing risk. The dashboard is very clean and user-friendly, allowing any department employee to utilize it easily.

GitGuardian Platform combines detection, visibility, and quick response in one workflow, and this is the best aspect.

Since implementing GitGuardian Platform in my organization, I have noted several positive impacts. Before GitGuardian Platform, secret detection was mostly manual and unreliable. In both my previous and current organizations, tracking everything manually was highly impossible.

I have three areas for improvement regarding GitGuardian Platform. One is the incident assignment process, which could be improved. The second would be the implementation of team-based assignments instead of individual ones, which would help significantly. Lastly, some minor false positives still occur, and they could improve that as well. Remediation actions such as key rotations are not handled inside the platform and need to be done externally.

I have been using GitGuardian Platform for the past two years.

Based on my experience, GitGuardian Platform is very stable, and I have not seen any major downtime issues. The scalability is decent, but managing incidents manually can become slightly challenging as the number of developers increases.

Scalability for GitGuardian Platform in my organization is manageable, but it can be challenging with a larger team.

Before using GitGuardian Platform, I was utilizing GitLeaks, which is a free resource. I switched to GitGuardian Platform because it is a significantly better solution compared to GitLeaks, as the limitations of free products are always apparent.

I did not evaluate other options before choosing GitGuardian Platform.

Since GitGuardian Platform is a SaaS product, the basic setup, including integration with GitHub and configuration of alerts, takes around ten to fifteen minutes. Some additional time is spent on fine-tuning alerting and workflows, but overall, the initial setup is very straightforward and fast.

I have a business relationship with this vendor only as a customer; there is no partnership.

Regarding the return on investment from using GitGuardian Platform, I can say that it has reduced manual effort, allowed for faster detection within seconds, and decreased the risk of credential leaks, which directly improves security and saves time for both SOC and developer teams.

Since implementing GitGuardian Platform in my organization, I have noted several positive impacts. After starting to use GitGuardian Platform, I can summarize the improvements in three points: the risk of credential exposures has significantly reduced, detection has become automated, and SOC and developer teams have saved a lot of time.

My personal feeling about the pricing of GitGuardian Platform is that it is higher compared to free tools such as GitLeaks. I feel the cost is too high. However, the value from centralized dashboard features, incident management, and integration makes it worthwhile for an enterprise environment. Unfortunately, for a startup such as mine, it is not affordable.

If organizations currently using GitLeaks are considering GitGuardian Platform, I would advise them to switch, as it offers detection along with incident management and integration, making GitGuardian Platform a more complete and suitable solution for enterprise use.

In my previous organizations, my main infrastructure was hosted on Azure and AWS. For GitGuardian Platform in my previous organization, I believe it was a direct purchase from the vendor, not through the AWS Marketplace. I would rate GitGuardian Platform an eight out of ten.