Our developers use the GitGuardian platform to securely access and manage secrets within their repositories. This allows them to identify and address any potential security risks.
GitGuardian Platform
GitGuardianExternal reviews
263 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Great to think my secrets are safe!
What do you like best about the product?
One of the most practical aspects is that we may sometimes overlook the configuration settings or the values of environment variables, but now, that's no longer a concern. GitGurdian will take care of that. And it's very very easy to integrate and the features it has are well rounded. And the support from the team is also sensibly quick and responsive.
What do you dislike about the product?
There isn't anything specific, but I believe the user interface could be more intuitive.
What problems is the product solving and how is that benefiting you?
Security constraints are often overlooked, but GitGuardian has addressed this issue for us by providing a way to resolve and escalate concerns to senior staff for review.
Very apt
What do you like best about the product?
It's notifications letting me know what issues might arise from my code in relation to security breaches and things of that nature.
What do you dislike about the product?
There is nothing I can say for that I dislike about gitguardian
What problems is the product solving and how is that benefiting you?
Helping me secure my API KEYS better
GitGuardian for Master's Project
What do you like best about the product?
I have been using GitGuardian for my college Project. First and foremost UX is really good and intuitive. My project is around security so I am aware of the necessity of that and GitGuardian is an appropriate alternative to other open source products. I faced a problem initally and i found enough support to help me around.
What do you dislike about the product?
They could work on a more refined payment plan. This will give more flexibity to all category of developers.
What problems is the product solving and how is that benefiting you?
I have been working on creating a product to provide better enterprise search solutions and this has been helping there.
Helps increase productivity and identify and prioritize security incidents
What is our primary use case?
How has it helped my organization?
GitGuardian's detection capabilities are good.
The accuracy of detections and the false positive rate are good.
It has improved the abilities of our developers and security team.
The playbooks help to identify and prioritize security incidents.
GitGuardian helped us increase our secret detection rate.
GitGuardian helped to increase our security team's productivity. It allows us to find the secrets and their repository faster. As the security team is focusing on one app to audit it, we also look at the GitGuardian findings for that app, and that is easier than looking for the secrets manually.
What is most valuable?
The most valuable feature is the general incident reporting system. It provides informative data with good filtering and reporting options.
What needs improvement?
We'd like to request a new GitGuardian feature that automates user onboarding and access control for code repositories. Ideally, when a user contributes to a repository, they would be automatically added to GitGuardian and granted access to view that specific repository. This would eliminate the need for manual user creation and permission assignment within the platform.
For how long have I used the solution?
I have been using the GitGuardian Platform for one and a half years.
What do I think about the stability of the solution?
The GitGuardian Platform is stable.
What do I think about the scalability of the solution?
The GitGuardian Platform can deploy at scale.
What's my experience with pricing, setup cost, and licensing?
The pricing for GitGuardian is fair.
What other advice do I have?
I would rate the GitGuardian Platform eight out of ten.
Getting started with GitGuardian required some preliminary setup on our part. This involved configuring both our on-premise GitHub Enterprise server and the GitGuardian application itself, granting the application access to the enterprise server.
GitGuardian requires around two hours per week of maintenance. We have our scripts that add users to the tool as needed. So we have a script that looks at our GitHub server talks to that API, and uses the information from that to add users to GitGuardian. And we have to maintain those because sometimes just like with any code, we have to make sure that process is still working.
GitGuardian's onboarding process and customer success teams were helpful.
I recommend GitGuardian as an easy-to-use tool that tackles a major security risk often overlooked by companies. This platform can significantly improve your software development lifecycle.
While detecting hidden functionality within a security program for application development isn't the highest priority, it does hold some value. If resources allow, it's worth considering incorporating methods to identify such secrets.
Organizations considering the GitGuardian Platform should establish clear action points for employees who will be using the tool. This ensures everyone understands how to leverage GitGuardian effectively within their workflow.
Great Service to know vulnerabilities and accidental secret publishing in git commits
What do you like best about the product?
I almost immediately get email regardiing any public secret pushed or vulnerability in my code pushed to github,
Very easy to understand and useful suggestions.
Very easy to understand and useful suggestions.
What do you dislike about the product?
Many times false positive alerts gets triggerred and like I added blank pem files or dummy secrets. It doesn't have AI intelligence to determine false positives.
What problems is the product solving and how is that benefiting you?
It is helping in identifying any accidental secret leak in git repo and open code vulnerabilities. Using this I can be confident on what is being pushed on github is secure.
Essential Security Safeguard for Code Repositories
What do you like best about the product?
Its ability to detect and alert on sensitive data leaks in real-time is invaluable. The platform's comprehensive coverage and intuitive interface make it easy to stay ahead of potential security breaches.
What do you dislike about the product?
The truth is that for the moment I have used GitGuardia, there is nothing I don't like, I feel all my needs are covered for now.
What problems is the product solving and how is that benefiting you?
- Detecting and preventing sensitive data leaks
- Enhancing security posture of code repositories
- Enhancing security posture of code repositories
Integrates well with our shift-left strategy
What is our primary use case?
The GitGuardian Platform is primarily used for dependency checks within our development process. This allows us to create a catalog of all dependencies used throughout our code repositories.
How has it helped my organization?
We've been impressed with the detection capabilities of the GitGuardian Platform. In fact, it's performing very well compared to other solutions we've evaluated that meet FDA compliance standards. To this end, we're currently in the midst of a trial period with GitGuardian to further assess its effectiveness for our needs.
While GitGuardian is a powerful solution, it's important to consider false positives. Some tools overwhelm users with alerts for unimportant issues, creating a flood of low-severity incidents. This can lead to alert fatigue and make it harder to identify critical problems. In my experience, GitGuardian strikes a good balance between accuracy and false positives, earning it a rating of eight out of ten.
GitGuardian significantly improves our ability to prioritize remediation efforts. Previously, without automatic detection, incidents could take anywhere from one day to a month to fix after being discovered manually. Now, thanks to GitGuardian's alert system, we're notified of new incidents immediately, allowing us to address them quickly – typically within a couple of hours. This ensures that the most critical issues are prioritized and resolved swiftly.
It integrates well with our shift-left strategy. This means it identifies and addresses security vulnerabilities early in the development process, before they can impact our production environment. A good security solution shouldn't disrupt production. If implementing GitGuardian had caused any issues in production, it wouldn't be a suitable choice for our needs.
The use of GitGuardian impacted our developers' and security team's ability to work together on resolving security issues. Our current system routes all new incident alerts directly to both teams. Ideally, upon identifying a clear security issue, we would engage with developers to collaboratively determine the appropriate solution and prioritize based on both severity and urgency.
GitGuardian has helped increase our secrets detection rate.
GitGuardian has significantly boosted our security team's productivity. We've transitioned from manual secret scanning in our repositories to an automated system, making automation the key improvement. This shift has saved the security team valuable time, reducing the time spent per incident by a couple of hours.
The only preparation we had to do to start using GitGuardian was to integrate it into our GitHub account.
In application development security, detecting secrets is one of the most crucial practices. A single exposed secret can inflict enormous damage on a company.
What is most valuable?
The most valuable feature is its ability to automate both downloading the repository and generating a Software Bill of Materials directly from it. This allows us to efficiently obtain the complete SBOM, including all dependencies, for either a new repository or a previously selected one.
What needs improvement?
One of our current challenges is that the GitGuardian platform identifies encrypted secrets and statements as sensitive information even though they're secured. This leads to unnecessary incidents being flagged, causing problems for our workflow. To address this, a context-based secret scanning feature would be a valuable improvement. This functionality would allow the platform to understand the context of the data before flagging it as a secret, reducing the number of false positives.
For how long have I used the solution?
I have been using the GitGuardian Platform for six months.
What do I think about the stability of the solution?
I would rate the stability of the GitGuardian Platform ten out of ten.
What do I think about the scalability of the solution?
GitGuardian meets our scaling needs.
How are customer service and support?
I'm impressed with the technical support team. We have bi-weekly meetings where we discuss any issues, and whenever I need something, I've received a response within a few hours.
The customer success team is another group I truly value meeting with. Their focus aligns directly with the challenges we face. They are incredibly responsive, and if we ever need clarification on anything, they get back to us within a couple of days. Additionally, the onboarding documentation on their website, along with the videos they produce on YouTube, are more than sufficient for getting developers up to speed.
How would you rate customer service and support?
Positive
Which other solutions did I evaluate?
In addition to GitGuardian Platform, we are also evaluating GitHub Dependabot and Snyk. One of the key features that impressed us with GitGuardian Platform is its ability to automatically create incidents for security vulnerabilities. This is particularly helpful because it allows us to prioritize these incidents based on their CVSS score, ensuring we address the most critical issues first.
What other advice do I have?
I would rate the GitGuardian Platform nine out of ten.
Our GitGuardian users are developers.
No maintenance is required from our end.
I recommend GitGuardian because the setup is easy.
GitGaurdian for a institute
What do you like best about the product?
It has helped us in saving tokens and encryption tokens from becoming vulnerable. This has allowed us to get good cybersecurity. it was easy to use because of integration with Git Hub. we have been using it for 6 months and it has saved us quite some time.
What do you dislike about the product?
Everything has been good except the payment plan, apart from that everything else has been smooth for us.
What problems is the product solving and how is that benefiting you?
as said in the pros, guardian has been good for us in saving tokens and encryption tokens. we actually have an attendance portal. where we put up decryption codes on front end and this was secured using gitguardian. Apart from that, it also protected the token at backend.
GitGuardian: Empowering Developers to Write Secure Code
What do you like best about the product?
One of the biggest upsides is the automated detection of secrets in your code. GitGuardian goes beyond simple regex patterns and uses entropy analysis to find hidden credentials, API keys, and other sensitive information you might accidentally commit. This helps prevent accidental leaks that could have serious security consequences.
GitGuardian integrates seamlessly with GitHub and GitHub Actions
GitGuardian integrates seamlessly with GitHub and GitHub Actions
What do you dislike about the product?
Some users find GitGuardian's advanced features come with a steeper learning curve. Understanding the full range of detections and configurations might require additional training or exploration of the documentation.
What problems is the product solving and how is that benefiting you?
GitGuardian automatically scans my code for secrets like API keys, passwords, and other credentials. This prevents me from unknowingly committing them to a public repository, which could be disastrous.
Very useful for the ones conscious about code security
What do you like best about the product?
It checks automatically all vulnerabilities, password, api keys saved in the code, giving us a hand on checking our resources details on publised code. Also it works also for gitlab and bitbucket.
What do you dislike about the product?
As far as I know there is no drawback, nothing to complain so far
What problems is the product solving and how is that benefiting you?
Helping me about passwords, and api keys in my code or property files
showing 21 - 30