Security posture has improved and platform identifies and remediates code and identity risks
What is our primary use case?
GitGuardian Platform's primary use case is to identify vulnerabilities within the source code in our environment. We detect and fix the vulnerabilities while using this platform to monitor and enforce rules across DevOps tools, infrastructure, and source code configurations. It is a detection engine that is very intelligent and provides vulnerability and security gaps that we work to remediate.
We generally use GitGuardian Platform to identify vulnerabilities and data leaks within the codebase and detect secrets before pushing into any remote Git repository. With the help of this internal security monitoring platform, it has protected our data.
GitGuardian Platform is designed to help our organization identify security vulnerabilities within non-human identities' security postures. It also addresses compliance, standards, and regulations. Our non-human identities are majorly targeted to gain account credentials.
What is most valuable?
GitGuardian Platform identifies the risk and vulnerabilities within the source code, and our security team monitors that while we proactively work on vulnerabilities or security risks associated with non-human identities, source code, service accounts, service principals, and applications. We fix those vulnerabilities, which helps us maintain standard and regulatory compliance postures and gives leadership the ability to present external accessibility.
GitGuardian Platform is more reliable in terms of monitoring and helps us prevent data leaks. The interface is easy to navigate, and the remediation workflow with developer attribution and context provides good value. It provides historical secret and detection information across the Git repository and in CI and CD pipelines.
Since we started using GitGuardian Platform, we have observed many vulnerabilities or security risks associated with non-human identities, service accounts, and applications. Previously, attackers were increasingly targeting our non-human identities, service accounts, or applications. GitGuardian Platform integrates secret security with non-human identities governance, and this dual approach enables the detection of compromised secrets across the development environment. It helps protect non-human identities and mitigate associated risks. Our security posture has improved by seventy percent with GitGuardian Platform identifying and mitigating threats.
What needs improvement?
Speed is not optimal, and this is a downside. The pricing is competitive, but we would appreciate lower prices for the services. The ticketing system could be improved with more granular control options.
GitGuardian Platform could be integrated with other open-source platforms or GitHub platforms to improve overall functionality and features in terms of performance, integration efforts, professional support, and the GUI, which would provide additional value.
GitGuardian Platform is working as designed and identifying security risks by priority within the source code and identities, so no improvement is needed at this time.
GitGuardian Platform is excellent for saving tokens and encryption keys. Integration and implementation are straightforward, and the overall experience has been positive except for the payment plan process, which could be improved.
For how long have I used the solution?
I have been using GitGuardian Platform for two years.
What do I think about the stability of the solution?
GitGuardian Platform is very stable.
What do I think about the scalability of the solution?
GitGuardian Platform is highly scalable and can be deployed and integrated according to our requirements and pricing budget. Features can be enabled based on our budget and pricing requirements.
Which solution did I use previously and why did I switch?
We used Token Security and other platforms before moving to GitGuardian Platform because token security was not adequate for our needs.
We previously used Entro Security, OSC Security, and Token Security before transitioning to GitGuardian Platform.
How was the initial setup?
The vendor clearly explained the pricing, setup cost, and licensing and provided us complete details about the licensing, professional support, integration, development, deployment duration, and phases.
What about the implementation team?
We purchased GitGuardian Platform through the AWS Marketplace.
What was our ROI?
GitGuardian Platform has delivered a seventy to eighty percent improvement. It has definitely helped us with user metrics, user resource utilization, and time savings, along with quick remediation of threats.
Which other solutions did I evaluate?
What other advice do I have?
GitGuardian Platform is excellent for monitoring internal non-human identities and accounts. It provides better visibility, non-compliance risk detection, and vulnerability identification associated with all these accounts. It really helps businesses improve their security posture. I provide this recommendation based on its reliability and business risk mitigation capabilities. This review has been given a rating of ten out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Automated secret detection has protected credentials and enables faster incident response
What is our primary use case?
As a SOC analyst, my main use case for GitGuardian Platform is to detect the exposure of secrets such as API keys, tokens, and passwords. It integrates with GitLab and Slack, allowing me to receive immediate alerts in Slack whenever a secret leaks in a commit. This helps me investigate incidents from the GitGuardian Platform dashboard efficiently.
From a SOC perspective, it aids in quickly identifying risk exposures and coordinating with developers for remediation. This is the primary use case.
In one scenario, a developer accidentally committed an API key into a GitHub repository, and within less than a minute, I received an alert in Slack from GitGuardian Platform. I quickly checked the alert, confirmed it was a valid key, informed the developer, and revoked and rotated the key immediately. If this was not detected quickly, that key could have been misused or exposed to the public, potentially allowing worldwide attackers or hackers to exploit it. This real-time detection has helped me significantly and has reduced the risk efficiently.
In another case, an API key was accidentally pushed into a GitHub commit, and GitGuardian Platform detected it within seconds. I immediately revoked the key before any misuse occurred. Without this tool, it could have gone unnoticed. GitGuardian Platform's primary use case for my organization is to detect API keys and manage modifications mainly for this purpose.
What is most valuable?
The best features GitGuardian Platform offers include wide detection coverage with an accuracy of 100 percent. In very few cases, it results in false positives. It also has a clean dashboard for incident tracking, which are the most valuable features.
Regarding the detection coverage and dashboard features, I find that its most valuable aspect is the detection coverage and real-time alerting capability. GitGuardian Platform can detect a wide range of secrets, including API keys, tokens, passwords, and cloud-related credentials across repositories. The coverage is strong because it supports various types of secrets, not just basic ones. What I find really useful is how fast it detects issues, usually within seconds after a commit, providing real-time alerts. This makes a significant difference in reducing risk. The dashboard is very clean and user-friendly, allowing any department employee to utilize it easily.
GitGuardian Platform combines detection, visibility, and quick response in one workflow, and this is the best aspect.
Since implementing GitGuardian Platform in my organization, I have noted several positive impacts. Before GitGuardian Platform, secret detection was mostly manual and unreliable. In both my previous and current organizations, tracking everything manually was highly impossible.
What needs improvement?
I have three areas for improvement regarding GitGuardian Platform. One is the incident assignment process, which could be improved. The second would be the implementation of team-based assignments instead of individual ones, which would help significantly. Lastly, some minor false positives still occur, and they could improve that as well. Remediation actions such as key rotations are not handled inside the platform and need to be done externally.
For how long have I used the solution?
I have been using GitGuardian Platform for the past two years.
What do I think about the stability of the solution?
Based on my experience, GitGuardian Platform is very stable, and I have not seen any major downtime issues. The scalability is decent, but managing incidents manually can become slightly challenging as the number of developers increases.
What do I think about the scalability of the solution?
Scalability for GitGuardian Platform in my organization is manageable, but it can be challenging with a larger team.
Which solution did I use previously and why did I switch?
Before using GitGuardian Platform, I was utilizing GitLeaks, which is a free resource. I switched to GitGuardian Platform because it is a significantly better solution compared to GitLeaks, as the limitations of free products are always apparent.
I did not evaluate other options before choosing GitGuardian Platform.
How was the initial setup?
Since GitGuardian Platform is a SaaS product, the basic setup, including integration with GitHub and configuration of alerts, takes around ten to fifteen minutes. Some additional time is spent on fine-tuning alerting and workflows, but overall, the initial setup is very straightforward and fast.
What about the implementation team?
I have a business relationship with this vendor only as a customer; there is no partnership.
What was our ROI?
Regarding the return on investment from using GitGuardian Platform, I can say that it has reduced manual effort, allowed for faster detection within seconds, and decreased the risk of credential leaks, which directly improves security and saves time for both SOC and developer teams.
Since implementing GitGuardian Platform in my organization, I have noted several positive impacts. After starting to use GitGuardian Platform, I can summarize the improvements in three points: the risk of credential exposures has significantly reduced, detection has become automated, and SOC and developer teams have saved a lot of time.
What's my experience with pricing, setup cost, and licensing?
My personal feeling about the pricing of GitGuardian Platform is that it is higher compared to free tools such as GitLeaks. I feel the cost is too high. However, the value from centralized dashboard features, incident management, and integration makes it worthwhile for an enterprise environment. Unfortunately, for a startup such as mine, it is not affordable.
Which other solutions did I evaluate?
If organizations currently using GitLeaks are considering GitGuardian Platform, I would advise them to switch, as it offers detection along with incident management and integration, making GitGuardian Platform a more complete and suitable solution for enterprise use.
What other advice do I have?
In my previous organizations, my main infrastructure was hosted on Azure and AWS. For GitGuardian Platform in my previous organization, I believe it was a direct purchase from the vendor, not through the AWS Marketplace. I would rate GitGuardian Platform an eight out of ten.
Thorough Security Guidance with Gold-Standard Email Alerts
What do you like best about the product?
It’s very thorough, and it often reminds me of security and safety measures I tend to forget, since I’m not a professional coder and haven’t had formal training in it. The email alerts are pure gold!
What do you dislike about the product?
So far, nothing to report. That said, it would be helpful if the security reminders could also be sent via SMS and other channels, not just the current method.
What problems is the product solving and how is that benefiting you?
There are security problems that could be very harmful in the long run if they aren’t addressed immediately.
GitGuardian Catches Secrets Early During Commits and Pushes
What do you like best about the product?
The best thing about GitGuardian is that it helps detect secrets very early, when we commit and push them.
What do you dislike about the product?
For now, I don’t know what I don’t like about it. Because it is all way very helpful for me.
What problems is the product solving and how is that benefiting you?
It helps me detect my secrets when I accidentally commit and push them, and it immediately notifies me.
GitGuardian Makes Catching Accidental GitHub Password Leaks Easy
What do you like best about the product?
I like that GitGuardian can easily detect passwords that are accidentally uploaded to GitHub.
What do you dislike about the product?
I dislike the fact that it cannot auto know when these uploaded passwords are a test hence users have to wait to upload and rush to git guardian in other to cancel revoke request so the already submitted env doesn't become useless.
What problems is the product solving and how is that benefiting you?
Git guardian is solving the problem of making users password protected from external or unwanted use by it revoking it and making it non useful
Fast Secret Detection with Clear Alerts and an Easy Dashboard
What do you like best about the product?
GitGuardian helps detect exposed secrets, such as API keys and credentials, in repositories very quickly. The alerts are clear, and the dashboard is easy to understand, making it simpler for developers to identify and fix security issues faster.
What do you dislike about the product?
At times, the alerts can feel a bit overwhelming, especially for new users. It can also take a little while to get familiar with the dashboard and fully understand all of its features.
What problems is the product solving and how is that benefiting you?
GitGuardian helps prevent accidental leaks of sensitive information in code repositories. It strengthens security and gives me more confidence that important credentials and other sensitive data are being protected.
Notify about leaked keys on GitHub quickly and reliably.
What do you like best about the product?
Help check important information that accidentally leaked onto GitHub very well. Keep alerting all the time and work very quickly.
What do you dislike about the product?
Sometimes my git is private. I use it personally, so I let the key slip out, but I get notified all the time. However, there hasn't been any problem. It works well all the time.
What problems is the product solving and how is that benefiting you?
Solve the problem of human error in issues of forgetting or making mistakes.
GitGuardian Automatically Detects and Resolves Security Risks
What do you like best about the product?
It automatically detect and solve security risks
What do you dislike about the product?
I don't have anything about GitGuardian that I dislike
What problems is the product solving and how is that benefiting you?
GitGuardian help me protecting my code base against unintended security problems
Reliable, Trustworthy Help That Makes All the Difference
What do you like best about the product?
Reliable and trustworthy help can make all the difference.
What do you dislike about the product?
Nothing really comes to mind. I couldn’t think of anything to add.
What problems is the product solving and how is that benefiting you?
Sometimes I forget api keys in code and its bad, so GitGuardian helps me.
Saves a Lot of Work When Credentials Are in the Wrong Place
What do you like best about the product?
Saves a lot of work when credentials are in the wrong place
What do you dislike about the product?
When a _Force is activated in a pipeline it gives a warning but does not stop the flow
What problems is the product solving and how is that benefiting you?
Losing credentials
