GitGuardian Platform logo

    GitGuardian Platform

    The end-to-end secrets security platform for enterprises. Scan and fix hardcoded secrets in source code, CI/CD pipelines, and productivity tools with GitGuardian code security platform.

    Ratings and reviews

    4.8
    281 ratings
    2 star
    1 star
    90%
    9%
    1%
    0%
    0%
    4 AWS reviews
    |
    277 external reviews
    External reviews are from G2  and PeerSpot .

    Filters

    Review type

    AWS Marketplace reviews
    External reviews
    Reviews (281)
    Computer Software

    Weekly Repo Insights with Helpful Fix Suggestions

    Reviewed on Jun 26, 2026
    Review provided by G2
    What do you like best about the product?
    This service sends weekly emails about your repos where you’ve configured it. It also includes a probable fix if it finds any kind of malfunction anywhere in the repo.
    What do you dislike about the product?
    Sometimes it catches errors that aren’t really that serious, but it also catches things that I don’t expect or can’t predict. I think that, as a service-based model, it should be more precise when tracking the severity of an error.
    What problems is the product solving and how is that benefiting you?
    It helps me track whether anything wrong has been pushed to my repo while I’m working on my code. When I’m handling a very big repository, it becomes really hard for me to maintain each and every aspect of it. That’s where GitGuardian actually helps me: it lets me see what has been pushed, what I should not push, and if I’ve made a mistake, it can also run a workflow to fix it.
    ashikur j.

    Vulnerability Checks Made Easy with a Simplified UI

    Reviewed on Jun 23, 2026
    Review provided by G2
    What do you like best about the product?
    The vulnerability check and simplified UI to resolve the issues.
    What do you dislike about the product?
    Sometimes the webpage gets a performance issue and lags when I try to resolve an issue.
    What problems is the product solving and how is that benefiting you?
    Major environmental secret keys are being flashed to the public, and give me support to update vulnerable node packages.
    Cristopher B.

    Quick, Helpful Secret Incident Alerts with an Easy-to-Understand UI

    Reviewed on Jun 23, 2026
    Review provided by G2
    What do you like best about the product?
    The Secret internal incidents notification is quick and helpful, and the UI is easy to understand if you have experience with similar tools.
    What do you dislike about the product?
    Honestly, I haven’t had any inconveniences. I use GitGuardian to get quick reports when a secret is public, and for that it’s been incredible.
    What problems is the product solving and how is that benefiting you?
    It helps me check whether any secrets have slipped into the code. It’s especially useful in the early stages of development, because I can focus more on coding instead of constantly double-checking that I didn’t forget to remove a secret. And if something does get leaked, I can easily find it and remove access to that specific secret.
    Viswajith R.

    Flags Unsafe Commits and Prevents Sensitive Data Leaks—Works as Advertised

    Reviewed on Jun 18, 2026
    Review provided by G2
    What do you like best about the product?
    We use it in our organization to flag unsafe commits and to prevent sensitive information from leaking, even when we’re working in private repositories.
    What do you dislike about the product?
    I don't see any downsides. It works as advertised.
    What problems is the product solving and how is that benefiting you?
    We use primarily for blocking commits with sensitive data
    אלי .

    Clear, Descriptive UI That Makes Incident Management Easy

    Reviewed on Jun 09, 2026
    Review provided by G2
    What do you like best about the product?
    I liked most the clear and descriptive UI, where you see the incident type, the full code with the highlighted relevant characters, and a CTA panel that allows you to manage it properly. A great and important work, thank you all, guys!
    What do you dislike about the product?
    I've no comments about the UI, what I think is recommended is to add a smart AI check that will notice if a secret is actually just a placeholder. Most of the incidents I got was this kind of secrets.
    What problems is the product solving and how is that benefiting you?
    In many cases local secrets like env files are getting accidentally pushed to Github, I encountered such cases sometimes, and unless GitGuardian - I think it was still there...
    Hesler Z.

    Flexible Source Code Security Guidelines That Fit Our Team

    Reviewed on Jun 04, 2026
    Review provided by G2
    What do you like best about the product?
    The capability to let the team adapt the requirements and guidelines of the security of source code
    What do you dislike about the product?
    Not clear instructions at first integration, must know and navigate the software a lot before start implement it
    What problems is the product solving and how is that benefiting you?
    Its solving the quality and performance of the software, also easy integration with AI
    Frankline M.

    Timely Key Leak Alerts Even in Private Repos

    Reviewed on May 05, 2026
    Review provided by G2
    What do you like best about the product?
    If I accidentally commit keys, I get very timely reminders about the issue, even when it’s committed to a private repo.
    What do you dislike about the product?
    I don’t see clear remediation steps inside GitGuardians. I’d really appreciate an option to immediately revoke any submitted keys, or to have those keys masked right away within the repo.
    What problems is the product solving and how is that benefiting you?
    prevents accidental submission of critcal API keys
    Rafael R.

    Fast, Reliable Alerts for Exposed API Keys and Secrets

    Reviewed on Apr 28, 2026
    Review provided by G2
    What do you like best about the product?
    I appreciated how quickly I was notified when an API key or secret was found.
    What do you dislike about the product?
    Nothing so far everything has worked as expected.
    What problems is the product solving and how is that benefiting you?
    It helps keep us safe, so we don’t end up exposed to things that could hurt us. It feels like an ever-present eye watching out for our safety.
    Troy C.

    Comprehensive Secret Detection and NHI Management with GitGuardian

    Reviewed on Apr 19, 2026
    Review provided by G2
    What do you like best about the product?
    Gitguardian is a comprehensive code security platform primarily designed to detect and remediate hardcoded secrets (API keys, credentials, certificates) and manage Non-Human Identities (NHIs) in software development. It is widely used to prevent security breaches caused by leaked credentials in source code and DevOps pipelines.
    What do you dislike about the product?
    I have found no downsides of using GitGuardian.
    What problems is the product solving and how is that benefiting you?
    GitGuardian helps businesses resolve critical security, compliance, and operational risks associated, such as the accidental inclusion of sensitive information (API keys, database credentials, certificates) in source code and developer tools.
    Sanket-Shinde

    Secret scanning has protected sensitive data and now streamlines fixing vulnerabilities

    Reviewed on Apr 19, 2026
    Review from a verified AWS customer

    What is our primary use case?

    I use GitGuardian Platform to ensure that there are no secrets committed, such as hardcoded values, database credentials, API keys, or any secrets that could be exposed to external users of our application. To maintain security and data accuracy, confidential data should not be shared with other platforms. GitGuardian Platform checks our local code first, then it passes through our CI/CD pipeline as well. When we push code to GitHub, it scans and sends a report via Gmail, so we have to fix those security vulnerabilities.

    What is most valuable?

    The best features of GitGuardian Platform are that it detects everything being pushed through the repository and scans everything comprehensively. It checks the possibility of exposure, so if there are API keys or database passwords being used, it warns us to either remove, rotate, or replace them, ensuring they should not be present in a GitGuardian Platform scan.

    Our company has seen many benefits from using GitGuardian Platform, especially since there have been numerous cyber attacks and security threats in the last two to three years. Our company has remained very safe in this regard because we need to secure our data effectively, being in the insurance reinsurance sector. GitGuardian Platform ensures our data is protected by regularly scanning the repositories and sending us reports on how to fix vulnerabilities, keeping us safe from cyber attacks.

    What needs improvement?

    GitGuardian Platform could improve by providing a more user-friendly UI with tips or solutions. With AI advancements, they could offer AI-specific solutions in scanning reports, suggesting fixes for GitGuardian Platform incidents, and even permit automated fixes, which would significantly reduce the developer's workload.

    For how long have I used the solution?

    I have been using GitGuardian Platform for the last one year.

    What do I think about the stability of the solution?

    Stability and availability of GitGuardian Platform are commendable; it is stable and available.

    It is stable because when I push changes, it scans immediately, confirming fixes. There is no downtime during scanning, maintaining stability and availability.

    How are customer service and support?

    I find support good since we have not needed much help from them. The guidelines provided are sufficient for guiding us on what to fix.

    Which other solutions did I evaluate?

    There are many tools in our organization for similar purposes, but GitGuardian Platform is specifically for exposing secrets. We also use Snyk for vulnerability scanning, among others, though I cannot recall all of them.

    The decision was made by my organization, not me, so I am not sure about the parameters they considered before choosing GitGuardian Platform.

    What other advice do I have?

    GitGuardian Platform prioritizes incidents in our workflow through automated validity checks. There are high risk, low risk, and medium risk incidents raised, and the infosec team prioritizes them and approaches us, the developers who pushed those changes, to fix them accordingly.

    GitGuardian Platform's public leakage detection influences our company's data security as a precaution. We are not sure if data might be exposed, but taking this precaution by scanning the repositories is crucial. A cyber attacker just needs one piece of data, so we ensure at least that one thing is secured. It is about cyber attack prevention, ensuring all our data remains safe.

    It rates the effectiveness of severity in incident management based on the severity of the change. This allows us to address the most important ones first. It checks what has been pushed from the code, raising a high-level vulnerability if database-related passwords are involved and reports it urgently. For low-level issues like hardcoded values for APIs, it is reported accordingly based on priority.

    I use GitGuardian Platform's automated playbooks for scanning. Productivity-wise, these playbooks help me know if I am going to push code with secrets. I am aware now, so I intentionally avoid that, ensuring I write good code. It increases my productivity by helping me fix issues proactively. If GitGuardian Platform were not here and vulnerabilities were discovered later, there could be severe consequences. Currently, that impact has been reduced, minimizing our efforts significantly through early precautions.

    Our organization is currently innovating on the AI side, which includes creating a custom agent to fix vulnerabilities, similar to GitHub Copilot. This agent automates changes required based on GitGuardian Platform scanning, closing incidents directly. This support reduces our efforts and timelines.

    Fixing vulnerabilities now takes approximately 60% less time. If fixing took ten days, I now do it in six. I am not sure about multi-vault integration because I am just a developer using it to fix my code changes. I am not sure if I am using GitGuardian Platform's Honey Tokens feature. I would rate this product an 8.5 overall.