GitGuardian Platform
GitGuardianExternal reviews
256 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Instant Secret Detection That Scales to Large Repos
What do you like best about the product?
What I like best about GitGuardian is how it automatically detects secrets and sensitive data in code — even in large repositories and alerts you instantly.
What do you dislike about the product?
One thing I dislike about GitGuardian is that it can sometimes generate false positives, which requires manual review and can slow things down slightly
What problems is the product solving and how is that benefiting you?
GitGuardian solves the problem of exposed secrets and sensitive data in source code and version control systems. It continuously scans code repositories, commits, pull requests, and CI/CD pipelines to automatically detect API keys, credentials, tokens, and other secrets that shouldn’t be in code. By alerting developers and security teams instantly, it prevents leaks that could lead to unauthorized access, data breaches, or financial loss.
The benefits I get from this are:
🔒 Better security — I don’t have to worry about secrets accidentally being committed.
⚡ Faster detection — Issues are caught early, before they reach production.
👩💻 Smoother development workflows — Developers can focus on building rather than manually auditing code.
📊 Clear visibility and tracking — I can see where exposures happen and fix them quickly.
The benefits I get from this are:
🔒 Better security — I don’t have to worry about secrets accidentally being committed.
⚡ Faster detection — Issues are caught early, before they reach production.
👩💻 Smoother development workflows — Developers can focus on building rather than manually auditing code.
📊 Clear visibility and tracking — I can see where exposures happen and fix them quickly.
Excellent Protection Against Accidental Data Leaks
What do you like best about the product?
It protects against distractedly publishing information that passes inspection when AI engines create .gitignore files. It can even find it in a casual comment.
What do you dislike about the product?
Not a major downside, but sometimes it flags test strings, dummy values.
What problems is the product solving and how is that benefiting you?
I use many API values that obviously should not appear in any repo, even private. GitGuardian does a great job at this task.
Accurate Secret Detection with Seamless GitHub Integration
What do you like best about the product?
it is very easy to implement and does not require heavy configuration to start delivering value. The onboarding process is straightforward, and integrations with GitHub and CI/CD pipelines work smoothly, allowing teams to get up and running quickly. I use GG frequently as part of daily development and code review workflows, and it fits naturally without slowing anyone down.
Customer support has been responsive and helpful whenever clarification or guidance was needed, especially during initial setup and alert tuning. The accuracy of secret detection, combined with clear alerts and remediation guidance, makes it a practical security tool that developers actually trust and consistently use.
Customer support has been responsive and helpful whenever clarification or guidance was needed, especially during initial setup and alert tuning. The accuracy of secret detection, combined with clear alerts and remediation guidance, makes it a practical security tool that developers actually trust and consistently use.
What do you dislike about the product?
The pricing may seem somewhat steep for smaller teams or early-stage startups, particularly when expanding usage to multiple repositories. At first, some alerts might need to be adjusted to minimize unnecessary notifications, which involves a bit of a learning curve. Furthermore, the advanced features and options for policy customization could offer greater flexibility, especially for organizations that have highly specific internal security processes.
What problems is the product solving and how is that benefiting you?
This tool helps me prevent accidental credential leaks, which pose significant security risks and compliance challenges. By identifying secrets early in commits and pull requests, it lowers the likelihood of production breaches, unauthorized access, and expensive incident responses. As a result, it enhances overall security, saves developers time, and fosters client trust by ensuring sensitive data is well protected.
Top-Notch Secret Detection and Auto Review Features
What do you like best about the product?
The auto review of the files after pushing and the detection system of the secrets is top notch of the Gitguardian. That's what I love most about it.
What do you dislike about the product?
Nothing specific but the process of finding the leaked variable is a little difficult which can be improved
What problems is the product solving and how is that benefiting you?
There are many problems that it is solving like for example env variables leak detection, even security detection if there is any kind of vulnerability or something in the code.
This really helps me to protect my secrets from the world and in very very efficient way
Because it is really difficult to keep up the detection yourself if the code is thousands of lines.
This really helps me to protect my secrets from the world and in very very efficient way
Because it is really difficult to keep up the detection yourself if the code is thousands of lines.
Comprehensive Password Leak Detection You Can Trust
What do you like best about the product?
I fancy that GitGuardian let's me know almost all the possible issues with leaked passwords as there is to know.
What do you dislike about the product?
I can't really think of something I dislike about their service. We're all progressing in life and so are the systems. Maybe in future it is possible to scan *example set passwords and flag them as not a real hard coded password, with the use of ai.
What problems is the product solving and how is that benefiting you?
This system gives me some assurance about hard coded passwords in my code. Although I can be pretty sure about my code it's nice to have another system to double check the facts.
Automated Secrets Checking and Incident Dashboard—All for Free!
What do you like best about the product?
Automated secrets checking and an incident dashboard -- and for free! Once the extension is installed and/or the cli, use is nearly effortless. AI assistants easily perform scans with little prompting specificity required, so the barriers to integration are pretty low too.
What do you dislike about the product?
In my experience, secret remediation hasn't been as automated as I would find helpful, at least with my current setup. However, I should note that I haven't fully explored all the available options in this area yet.
What problems is the product solving and how is that benefiting you?
Preventing the commitment of secrets is a highly effective way to reduce the potential attack surface and guard against intrusions.
Accurate Secret Detection and Token Validation Made Easy
What do you like best about the product?
The tool scans for secrets and tokens, and it also highlights the exact location of any leaked token. Additionally, it identifies which specific token has been exposed and indicates whether it is still valid.
What do you dislike about the product?
Could you please provide a student offer? I would really appreciate it.
What problems is the product solving and how is that benefiting you?
As a software developer who is still learning, I sometimes forget to store secrets in the .env file. That's where gitguardian comes in—it notifies me whenever I accidentally commit a token.
(mainly) monitoring apikey disclosure
What do you like best about the product?
I appreciate how quickly and accurately incidents are reported.
What do you dislike about the product?
Sometimes the reports are a bit hard to read.
What problems is the product solving and how is that benefiting you?
(Mainly) to monitor my git repository changes and prevent unauthorized disclosure of API keys (or other sensitive credentials).
The Best Solution for Secure Key Sharing
What do you like best about the product?
This tool is the best solution I've found for addressing the issue of sharing secret keys through bad practices.
What do you dislike about the product?
At the moment, this isn't an issue for me.
What problems is the product solving and how is that benefiting you?
The tool helped me resolve issues related to my secret keys and addressed the problems assigned to me. I found the settings easy to understand, and I am grateful for this tool.
Instant Secrets Detection with Actionable Alerts
What do you like best about the product?
GitGuardian delivers immediate detection and response. When a sensitive file, credential, or secret slips into a commit, it flags it within seconds and pinpoints the exact line that triggered the alert. The platform forces clarity: it shows the severity, lets me classify the criticality, and pushes fast remediation instead of noise. The value is precision, speed, and zero guesswork.
What do you dislike about the product?
The alerting is fast, but the volume can feel heavy when working across multiple repos with frequent commits. False positives still appear, which adds review time. The remediation steps are clear, yet the interface for navigating multiple incidents can feel cluttered, and sorting through similar alerts requires extra manual filtering.
What problems is the product solving and how is that benefiting you?
It closes the gap between accidental secret exposure and detection. The moment a credential or sensitive file is committed, it identifies the leak, marks the exact line, and forces immediate remediation. This removes manual scanning, reduces the risk window, and keeps repos clean during SAST and secure code review.
showing 1 - 10