Catches Security Issues Early and Keeps Our Code Safer
What do you like best about the product?
I helps us in many security concern in code which is later detect by sonar lint , but using GitGuardian its traces before
What do you dislike about the product?
Nothing much but on point of integration with Github and CI/CD pipeline it becomes hasty for new developer
What problems is the product solving and how is that benefiting you?
It solve the problem of accidentally exposing sensitive secrets like API keys, passwords, tokens in code repositories.
Automated secret detection has protected credentials and enables faster incident response
What is our primary use case?
As a SOC analyst, my main use case for GitGuardian Platform is to detect the exposure of secrets such as API keys, tokens, and passwords. It integrates with GitLab and Slack, allowing me to receive immediate alerts in Slack whenever a secret leaks in a commit. This helps me investigate incidents from the GitGuardian Platform dashboard efficiently.
From a SOC perspective, it aids in quickly identifying risk exposures and coordinating with developers for remediation. This is the primary use case.
In one scenario, a developer accidentally committed an API key into a GitHub repository, and within less than a minute, I received an alert in Slack from GitGuardian Platform. I quickly checked the alert, confirmed it was a valid key, informed the developer, and revoked and rotated the key immediately. If this was not detected quickly, that key could have been misused or exposed to the public, potentially allowing worldwide attackers or hackers to exploit it. This real-time detection has helped me significantly and has reduced the risk efficiently.
In another case, an API key was accidentally pushed into a GitHub commit, and GitGuardian Platform detected it within seconds. I immediately revoked the key before any misuse occurred. Without this tool, it could have gone unnoticed. GitGuardian Platform's primary use case for my organization is to detect API keys and manage modifications mainly for this purpose.
What is most valuable?
The best features GitGuardian Platform offers include wide detection coverage with an accuracy of 100 percent. In very few cases, it results in false positives. It also has a clean dashboard for incident tracking, which are the most valuable features.
Regarding the detection coverage and dashboard features, I find that its most valuable aspect is the detection coverage and real-time alerting capability. GitGuardian Platform can detect a wide range of secrets, including API keys, tokens, passwords, and cloud-related credentials across repositories. The coverage is strong because it supports various types of secrets, not just basic ones. What I find really useful is how fast it detects issues, usually within seconds after a commit, providing real-time alerts. This makes a significant difference in reducing risk. The dashboard is very clean and user-friendly, allowing any department employee to utilize it easily.
GitGuardian Platform combines detection, visibility, and quick response in one workflow, and this is the best aspect.
Since implementing GitGuardian Platform in my organization, I have noted several positive impacts. Before GitGuardian Platform, secret detection was mostly manual and unreliable. In both my previous and current organizations, tracking everything manually was highly impossible.
What needs improvement?
I have three areas for improvement regarding GitGuardian Platform. One is the incident assignment process, which could be improved. The second would be the implementation of team-based assignments instead of individual ones, which would help significantly. Lastly, some minor false positives still occur, and they could improve that as well. Remediation actions such as key rotations are not handled inside the platform and need to be done externally.
For how long have I used the solution?
I have been using GitGuardian Platform for the past two years.
What do I think about the stability of the solution?
Based on my experience, GitGuardian Platform is very stable, and I have not seen any major downtime issues. The scalability is decent, but managing incidents manually can become slightly challenging as the number of developers increases.
What do I think about the scalability of the solution?
Scalability for GitGuardian Platform in my organization is manageable, but it can be challenging with a larger team.
Which solution did I use previously and why did I switch?
Before using GitGuardian Platform, I was utilizing GitLeaks, which is a free resource. I switched to GitGuardian Platform because it is a significantly better solution compared to GitLeaks, as the limitations of free products are always apparent.
I did not evaluate other options before choosing GitGuardian Platform.
How was the initial setup?
Since GitGuardian Platform is a SaaS product, the basic setup, including integration with GitHub and configuration of alerts, takes around ten to fifteen minutes. Some additional time is spent on fine-tuning alerting and workflows, but overall, the initial setup is very straightforward and fast.
What about the implementation team?
I have a business relationship with this vendor only as a customer; there is no partnership.
What was our ROI?
Regarding the return on investment from using GitGuardian Platform, I can say that it has reduced manual effort, allowed for faster detection within seconds, and decreased the risk of credential leaks, which directly improves security and saves time for both SOC and developer teams.
Since implementing GitGuardian Platform in my organization, I have noted several positive impacts. After starting to use GitGuardian Platform, I can summarize the improvements in three points: the risk of credential exposures has significantly reduced, detection has become automated, and SOC and developer teams have saved a lot of time.
What's my experience with pricing, setup cost, and licensing?
My personal feeling about the pricing of GitGuardian Platform is that it is higher compared to free tools such as GitLeaks. I feel the cost is too high. However, the value from centralized dashboard features, incident management, and integration makes it worthwhile for an enterprise environment. Unfortunately, for a startup such as mine, it is not affordable.
Which other solutions did I evaluate?
If organizations currently using GitLeaks are considering GitGuardian Platform, I would advise them to switch, as it offers detection along with incident management and integration, making GitGuardian Platform a more complete and suitable solution for enterprise use.
What other advice do I have?
In my previous organizations, my main infrastructure was hosted on Azure and AWS. For GitGuardian Platform in my previous organization, I believe it was a direct purchase from the vendor, not through the AWS Marketplace. I would rate GitGuardian Platform an eight out of ten.
GitGuardian Catches Secrets Early During Commits and Pushes
What do you like best about the product?
The best thing about GitGuardian is that it helps detect secrets very early, when we commit and push them.
What do you dislike about the product?
For now, I don’t know what I don’t like about it. Because it is all way very helpful for me.
What problems is the product solving and how is that benefiting you?
It helps me detect my secrets when I accidentally commit and push them, and it immediately notifies me.
Excellent Protection Against Accidental Data Leaks
What do you like best about the product?
It protects against distractedly publishing information that passes inspection when AI engines create .gitignore files. It can even find it in a casual comment.
What do you dislike about the product?
Not a major downside, but sometimes it flags test strings, dummy values.
What problems is the product solving and how is that benefiting you?
I use many API values that obviously should not appear in any repo, even private. GitGuardian does a great job at this task.
Accurate Secret Detection with Seamless GitHub Integration
What do you like best about the product?
it is very easy to implement and does not require heavy configuration to start delivering value. The onboarding process is straightforward, and integrations with GitHub and CI/CD pipelines work smoothly, allowing teams to get up and running quickly. I use GG frequently as part of daily development and code review workflows, and it fits naturally without slowing anyone down.
Customer support has been responsive and helpful whenever clarification or guidance was needed, especially during initial setup and alert tuning. The accuracy of secret detection, combined with clear alerts and remediation guidance, makes it a practical security tool that developers actually trust and consistently use.
What do you dislike about the product?
The pricing may seem somewhat steep for smaller teams or early-stage startups, particularly when expanding usage to multiple repositories. At first, some alerts might need to be adjusted to minimize unnecessary notifications, which involves a bit of a learning curve. Furthermore, the advanced features and options for policy customization could offer greater flexibility, especially for organizations that have highly specific internal security processes.
What problems is the product solving and how is that benefiting you?
This tool helps me prevent accidental credential leaks, which pose significant security risks and compliance challenges. By identifying secrets early in commits and pull requests, it lowers the likelihood of production breaches, unauthorized access, and expensive incident responses. As a result, it enhances overall security, saves developers time, and fosters client trust by ensuring sensitive data is well protected.
Automated Secrets Checking and Incident Dashboard—All for Free!
What do you like best about the product?
Automated secrets checking and an incident dashboard -- and for free! Once the extension is installed and/or the cli, use is nearly effortless. AI assistants easily perform scans with little prompting specificity required, so the barriers to integration are pretty low too.
What do you dislike about the product?
In my experience, secret remediation hasn't been as automated as I would find helpful, at least with my current setup. However, I should note that I haven't fully explored all the available options in this area yet.
What problems is the product solving and how is that benefiting you?
Preventing the commitment of secrets is a highly effective way to reduce the potential attack surface and guard against intrusions.
GitGuardian: Robust Secret Detection with Seamless Integration
What do you like best about the product?
I like GitGuardian because it quickly detects secrets, gives clear alerts, integrates easily with GitHub, and helps fix issues fast.
What do you dislike about the product?
Sometimes GitGuardian gives false positives, so manual review is needed. Alert rules, context, and customization could be improved to reduce noise.
What problems is the product solving and how is that benefiting you?
I use GitGuardian to detect exposed secrets and sensitive information, preventing security leaks and maintaining secure development practices. It reduces security risks, saves investigation time, and improves overall code security.
(mainly) monitoring apikey disclosure
What do you like best about the product?
I appreciate how quickly and accurately incidents are reported.
What do you dislike about the product?
Sometimes the reports are a bit hard to read.
What problems is the product solving and how is that benefiting you?
(Mainly) to monitor my git repository changes and prevent unauthorized disclosure of API keys (or other sensitive credentials).
Fast and Accurate Secret Detection
What do you like best about the product?
It is able to catch missed secrets, fast. It is automated so it is easy to sue and implemented/integrated automatically. It is always active so it detects new issues as fast as they are committed, usage is good. Never had to try to reach out to customer support, so that's a plus.
What do you dislike about the product?
Removing false flag has a not-good-enough UX.
What problems is the product solving and how is that benefiting you?
I am able to find out missed secrets, even placeholder values are detected, which I put during testing. So that's something that is forgettable to remove, but GitGuardian detecting comments as well is really smart.
Powerful tool for keeping secrets secure in repositories
What do you like best about the product?
I really like how GitGuardian automatically detects exposed secrets in my code and integrates smoothly with GitHub. It saves me a lot of time.
What do you dislike about the product?
Sometimes it can trigger false positives or flag secrets that are already safe, which requires extra review time.
What problems is the product solving and how is that benefiting you?
GitGuardian helps detect and prevent secrets like API keys or credentials from being committed to repositories. It saves time during code reviews and ensures better security compliance. It also integrates well with CI/CD pipelines, helping our team catch leaks early.
