My use case for the GitGuardian Platform is application security for our enterprise repository.
GitGuardian Platform
GitGuardianExternal reviews
256 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Excellent Protection Against Accidental Data Leaks
What do you like best about the product?
It protects against distractedly publishing information that passes inspection when AI engines create .gitignore files. It can even find it in a casual comment.
What do you dislike about the product?
Not a major downside, but sometimes it flags test strings, dummy values.
What problems is the product solving and how is that benefiting you?
I use many API values that obviously should not appear in any repo, even private. GitGuardian does a great job at this task.
Accurate Secret Detection with Seamless GitHub Integration
What do you like best about the product?
it is very easy to implement and does not require heavy configuration to start delivering value. The onboarding process is straightforward, and integrations with GitHub and CI/CD pipelines work smoothly, allowing teams to get up and running quickly. I use GG frequently as part of daily development and code review workflows, and it fits naturally without slowing anyone down.
Customer support has been responsive and helpful whenever clarification or guidance was needed, especially during initial setup and alert tuning. The accuracy of secret detection, combined with clear alerts and remediation guidance, makes it a practical security tool that developers actually trust and consistently use.
Customer support has been responsive and helpful whenever clarification or guidance was needed, especially during initial setup and alert tuning. The accuracy of secret detection, combined with clear alerts and remediation guidance, makes it a practical security tool that developers actually trust and consistently use.
What do you dislike about the product?
The pricing may seem somewhat steep for smaller teams or early-stage startups, particularly when expanding usage to multiple repositories. At first, some alerts might need to be adjusted to minimize unnecessary notifications, which involves a bit of a learning curve. Furthermore, the advanced features and options for policy customization could offer greater flexibility, especially for organizations that have highly specific internal security processes.
What problems is the product solving and how is that benefiting you?
This tool helps me prevent accidental credential leaks, which pose significant security risks and compliance challenges. By identifying secrets early in commits and pull requests, it lowers the likelihood of production breaches, unauthorized access, and expensive incident responses. As a result, it enhances overall security, saves developers time, and fosters client trust by ensuring sensitive data is well protected.
Automated Secrets Checking and Incident Dashboard—All for Free!
What do you like best about the product?
Automated secrets checking and an incident dashboard -- and for free! Once the extension is installed and/or the cli, use is nearly effortless. AI assistants easily perform scans with little prompting specificity required, so the barriers to integration are pretty low too.
What do you dislike about the product?
In my experience, secret remediation hasn't been as automated as I would find helpful, at least with my current setup. However, I should note that I haven't fully explored all the available options in this area yet.
What problems is the product solving and how is that benefiting you?
Preventing the commitment of secrets is a highly effective way to reduce the potential attack surface and guard against intrusions.
(mainly) monitoring apikey disclosure
What do you like best about the product?
I appreciate how quickly and accurately incidents are reported.
What do you dislike about the product?
Sometimes the reports are a bit hard to read.
What problems is the product solving and how is that benefiting you?
(Mainly) to monitor my git repository changes and prevent unauthorized disclosure of API keys (or other sensitive credentials).
Fast and Accurate Secret Detection
What do you like best about the product?
It is able to catch missed secrets, fast. It is automated so it is easy to sue and implemented/integrated automatically. It is always active so it detects new issues as fast as they are committed, usage is good. Never had to try to reach out to customer support, so that's a plus.
What do you dislike about the product?
Removing false flag has a not-good-enough UX.
What problems is the product solving and how is that benefiting you?
I am able to find out missed secrets, even placeholder values are detected, which I put during testing. So that's something that is forgettable to remove, but GitGuardian detecting comments as well is really smart.
Powerful tool for keeping secrets secure in repositories
What do you like best about the product?
I really like how GitGuardian automatically detects exposed secrets in my code and integrates smoothly with GitHub. It saves me a lot of time.
What do you dislike about the product?
Sometimes it can trigger false positives or flag secrets that are already safe, which requires extra review time.
What problems is the product solving and how is that benefiting you?
GitGuardian helps detect and prevent secrets like API keys or credentials from being committed to repositories. It saves time during code reviews and ensures better security compliance. It also integrates well with CI/CD pipelines, helping our team catch leaks early.
GitGuardian Journey
What do you like best about the product?
Well the fact that aside from notifying you it tells you the specific location it helps a lot specially with a codebase that uses frameworks it kinda get messy. Since I install gitguardian all my repository is connected into it seamlessly.
What do you dislike about the product?
None so far but I would guess I don't know if it exist but it would be amazing to make it on click and store or remove the keys directly
What problems is the product solving and how is that benefiting you?
Well primarily it helps us really stored our keys.
Always making sure that my repos are not exposed.
What do you like best about the product?
The instant emails about a potential threat
What do you dislike about the product?
Nothing. I think GitGuardian does a good job of protecting my repos
What problems is the product solving and how is that benefiting you?
The problems that gitguardian is solving is when I forget to protect API keys and I push something into my repo
GitGaurdian - Project Gaurdian
What do you like best about the product?
What I like best about GitGuardian is its ability to automatically scan my code for sensitive information, such as API keys, passwords, and access tokens. It’s incredibly reassuring knowing that I’m alerted in real time if any secrets are accidentally committed to my repositories.
The integration with GitHub, GitLab, and Bitbucket is seamless, making it easy to set up and use without any hassle. Plus, the fact that it can scan both public and private repositories adds an extra layer of security, which is essential for any serious project.
Another standout feature is its detailed alerts that give you all the information you need to quickly address any vulnerabilities. It saves me from the stress of manually checking for potential leaks, which would be a huge pain, especially in larger codebases.
Overall, GitGuardian is a fantastic tool for anyone looking to maintain strong security practices while keeping their development process smooth. Highly recommend it!
The integration with GitHub, GitLab, and Bitbucket is seamless, making it easy to set up and use without any hassle. Plus, the fact that it can scan both public and private repositories adds an extra layer of security, which is essential for any serious project.
Another standout feature is its detailed alerts that give you all the information you need to quickly address any vulnerabilities. It saves me from the stress of manually checking for potential leaks, which would be a huge pain, especially in larger codebases.
Overall, GitGuardian is a fantastic tool for anyone looking to maintain strong security practices while keeping their development process smooth. Highly recommend it!
What do you dislike about the product?
While GitGuardian is generally a great tool, there are a couple of things that could be improved. For starters, the alert system can sometimes be a bit too sensitive. I’ve received notifications about things that don’t always feel like high risks, which can be a little overwhelming if you’re working on multiple projects at once.
Another downside is that while the free tier is useful, it’s quite limited. If you need more advanced features like deeper scanning, monitoring private repositories, or getting more detailed reports, you have to pay for the premium version. This might be a bit of a stretch for solo developers or smaller teams on a tight budget.
Lastly, sometimes the false positives can get annoying, especially if you're working with a lot of environment-specific variables or certain configurations that GitGuardian flags as secrets when they’re really not. It requires a bit of manual tuning to filter out unnecessary warnings.
Another downside is that while the free tier is useful, it’s quite limited. If you need more advanced features like deeper scanning, monitoring private repositories, or getting more detailed reports, you have to pay for the premium version. This might be a bit of a stretch for solo developers or smaller teams on a tight budget.
Lastly, sometimes the false positives can get annoying, especially if you're working with a lot of environment-specific variables or certain configurations that GitGuardian flags as secrets when they’re really not. It requires a bit of manual tuning to filter out unnecessary warnings.
What problems is the product solving and how is that benefiting you?
GitGuardian is solving a crucial problem in modern software development: the accidental exposure of sensitive information in code repositories. Whether it’s an API key, a database password, or a private token, these secrets can easily slip into version control systems, leading to security breaches, data leaks, or even full-blown hacks. GitGuardian catches these vulnerabilities before they become a problem, allowing me to be confident that my code is safe.
For me, the biggest benefit has been the peace of mind it provides. I no longer have to worry about manually reviewing every line of code or inspecting every commit for exposed secrets. GitGuardian does that for me in real time, which is a huge time-saver. Plus, it’s integrated into my GitHub, GitLab, and Bitbucket workflows, meaning I get alerts immediately after committing sensitive information, so I can take quick action to remediate it.
This automated scanning has prevented potential security disasters, especially in larger projects where it would be easy to overlook a mistake. Overall, GitGuardian has made security a lot less stressful and has ensured that I can focus more on coding and less on worrying about leaks.
For me, the biggest benefit has been the peace of mind it provides. I no longer have to worry about manually reviewing every line of code or inspecting every commit for exposed secrets. GitGuardian does that for me in real time, which is a huge time-saver. Plus, it’s integrated into my GitHub, GitLab, and Bitbucket workflows, meaning I get alerts immediately after committing sensitive information, so I can take quick action to remediate it.
This automated scanning has prevented potential security disasters, especially in larger projects where it would be easy to overlook a mistake. Overall, GitGuardian has made security a lot less stressful and has ensured that I can focus more on coding and less on worrying about leaks.
Supports application security by detecting a wide range of secrets and allows integration into existing vulnerability management processes
What is our primary use case?
How has it helped my organization?
The solution has improved our organization. We are still in the rollout, but the users who are utilizing it are very happy, especially about the feature that enables pre-commit hooks in Git that will not raise to the remote repository. This is a very good feature that our developers use very heavily.
What is most valuable?
The best features of the GitGuardian Platform are that it finds many different secrets, more than other competitors, and the support from the colleagues is also very good.
The GitGuardian Platform helps in monitoring and protecting our code repositories from leakage. It helps significantly because we connected our vulnerability management process to this, and the colleagues from vulnerability management have much easier work since we have the GitGuardian Platform installation due to the dedicated incidents or issues which are opened automatically.
The alerting capabilities and threat intelligence features of the GitGuardian Platform are managed by another team; we only host the platform.
The audit logs and compliance reports from GitGuardian are very helpful because, in the past, we needed to do it manually by scanning the repos. Now with GitGuardian Platform, we have a really good overview of what is open, what is closed, and how critical the issues are.
What needs improvement?
The areas that have room for improvement involve the missing feature to add custom detectors for the GitGuardian Platform, which would help us check if internal secrets are still valid or not.
I assess the accuracy of the detection from the GitGuardian Platform as very good because we don't have many false positives, which means the quality is very good. The only thing we want to have are some additional detectors which help us to prioritize, especially since enterprise secrets are found, but they cannot verify if they are valid or not.
For how long have I used the solution?
I have been using the GitGuardian Platform for one and a half years.
What do I think about the stability of the solution?
The stability of the GitGuardian Platform is excellent. We don't have any problems with the stability of the system at all.
What do I think about the scalability of the solution?
The scalability of the GitGuardian Platform is excellent.
How are customer service and support?
The technical support from the GitGuardian Platform deserves a rating of nine out of ten.
How would you rate customer service and support?
Positive
What about the implementation team?
The deployment of the GitGuardian Platform is very easy because it's a Helm chart which is very easy to install for us. The deployment took several days.
What's my experience with pricing, setup cost, and licensing?
I have no information about pricing, but since they won the request for quotation, I believe it's a good price.
Which other solutions did I evaluate?
We created a technical evaluation and checked against other providers, though I don't remember the names. The GitGuardian Platform has the best technical capabilities, and our procurement handles the pricing part.
What other advice do I have?
The GitGuardian Platform is used worldwide in our environment.
Currently, we have approximately 1,300 licenses for the GitGuardian Platform, but we will increase to 2,000 next year.
The solution requires maintenance from our side only for user management, which is normal for each application.
I cannot quantify how much time or resources the GitGuardian Platform saves us because this is spread across all teams worldwide.
I would recommend the GitGuardian Platform to other users because the integration with GitHub and Azure DevOps is very easy, and you also have the possibility to use it locally on your IDE. This is a very good solution.
I rate the GitGuardian Platform a nine out of ten because room for improvement is always possible, but it's really good.
showing 1 - 10