Sold by: GitGuardian
Deployed on AWS
Vendor Insights
The end-to-end secrets security platform for enterprises. Scan and fix hardcoded secrets in source code, CI/CD pipelines, and productivity tools with GitGuardian code security platform.
4.8
Overview
GitGuardian is an end-to-end secrets security platform that empowers software-driven organizations to enhance their Non-Human Identity (NHI) security and comply with industry standards.
With attackers increasingly targeting NHIs, such as service accounts and applications, GitGuardian integrates Secrets Security and Secrets Observability. This dual approach enables the detection of compromised secrets across your dev environments while also managing legitimate secrets and their lifecycle.
The platform supports over 450+ types of secrets, offers public monitoring for leaked data, and deploys honeytokens for added defense
Trusted by over 600,000 developers, GitGuardian is the choice of leading organizations like Snowflake, ING, BASF, and Bouygues Telecom for robust secrets protection.
Highlights
- With Secrets Security, GitGuardian aims to eliminate leaks and sprawl, detecting compromised or misused secrets across both public and internal environments. This foundation of NHI security is strengthened by monitoring for incidents, policy violations, and illegitimate use of secrets.
- GitGuardian's Secrets Detection tackles internal secrets sprawl by identifying sensitive data in source code and productivity tools. The platform supports over 450 types of secrets, including API keys, private keys, and database credentials. With a robust policy engine, security teams can enforce rules across major Version Control Systems ( like GitHub, GitLab, BitBucket, and Azure DevOps, CI/CD tools such as Jenkins, Travis CI as well as tools like Slack, Jira, container registries, and more.
- To expand visibility beyond internal systems, GitGuardian Public Monitoring scans public GitHub repositories, detecting sensitive information in both organizational and developers' personal repos. This is crucial, as 80% of corporate secrets leaked on public GitHub stem from personal accounts.
Details
Sold by
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.
Security credentials achieved
(2)
SOC2
GDPR
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
25 developers | Business Plan, per 25 contributing developers (annual contract) | $5,500.00 |
Vendor refund policy
Please contact sales@gitguardian.com to learn more about GitGuardian's refund policy.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
Explore our guides to use the GitGuardian Platform https://docs.gitguardian.com or submit a support request at
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By GitGuardian
By CyberArk
By Doppler
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Secrets Detection and Classification
Supports detection of over 450 types of secrets including API keys, private keys, and database credentials across source code and productivity tools
Multi-Platform Integration
Integrates with major Version Control Systems (GitHub, GitLab, BitBucket, Azure DevOps), CI/CD tools (Jenkins, Travis CI), and productivity platforms (Slack, Jira, container registries)
Public Repository Monitoring
Scans public GitHub repositories to detect sensitive information in both organizational and personal developer accounts
Policy Engine and Enforcement
Includes a robust policy engine that enables security teams to enforce rules and manage secrets lifecycle across integrated platforms
Honeytokens and Incident Detection
Deploys honeytokens for defense and monitors for incidents, policy violations, and illegitimate use of secrets in both public and internal environments
Centralized Secrets Management
Centrally secures, rotates, and manages secrets across multi-cloud and hybrid environments with a unified view across multiple AWS accounts and AWS Secrets Manager instances.
Multi-Platform Integration
Offers REST APIs and integrates with a wide range of DevOps tools, container platforms, vulnerability scanners, RPA, and automation tools for credential delivery.
Secrets Rotation and Lifecycle Management
Automatically rotates secrets in AWS Secrets Manager and across enterprise environments without requiring changes to developer workflows or applications.
Audit and Access Control
Provides centralized control and comprehensive auditing of how applications, DevOps tools, and automation platforms authenticate and access sensitive resources including databases and cloud environments.
Enterprise-Scale Architecture
Designed to support massive scalability with data sovereignty requirements for large global enterprises and eliminates vault sprawl across distributed environments.
Secrets Management and Centralization
Centralized platform for managing secrets across projects, teams, and environments to eliminate secrets sprawl
Automated Credential Rotation
Automatic rotation of credentials without downtime to safeguard against data breaches
Multi-Environment Integration
Automatic synchronization and deployment of secrets across environments and infrastructure through expanding suite of integrations
Access Control and Audit Logging
Scalable and flexible access controls with detailed activity logs for real-time access management and compliance
Developer-Centric Tools
VS Code extension for editing secrets alongside code with bidirectional synchronization and Doppler CLI for consuming secrets as environment variables
Validated by AWS Marketplace
FedRAMP
GDPR
HIPAA
ISO/IEC 27001
PCI DSS
SOC 2 Type 2
-
-
-
-
No security profile
No security profile
Standard contract
No
No
Customer reviews
SanketShinde
Secret scanning has protected sensitive data and now streamlines fixing vulnerabilities
Reviewed on Apr 19, 2026
Review from a verified AWS customer
What is our primary use case?
I use GitGuardian Platform to ensure that there are no secrets committed, such as hardcoded values, database credentials, API keys, or any secrets that could be exposed to external users of our application. To maintain security and data accuracy, confidential data should not be shared with other platforms. GitGuardian Platform checks our local code first, then it passes through our CI/CD pipeline as well. When we push code to GitHub , it scans and sends a report via Gmail, so we have to fix those security vulnerabilities.
What is most valuable?
The best features of GitGuardian Platform are that it detects everything being pushed through the repository and scans everything comprehensively. It checks the possibility of exposure, so if there are API keys or database passwords being used, it warns us to either remove, rotate, or replace them, ensuring they should not be present in a GitGuardian Platform scan.
Our company has seen many benefits from using GitGuardian Platform, especially since there have been numerous cyber attacks and security threats in the last two to three years. Our company has remained very safe in this regard because we need to secure our data effectively, being in the insurance reinsurance sector. GitGuardian Platform ensures our data is protected by regularly scanning the repositories and sending us reports on how to fix vulnerabilities, keeping us safe from cyber attacks.
What needs improvement?
GitGuardian Platform could improve by providing a more user-friendly UI with tips or solutions. With AI advancements, they could offer AI-specific solutions in scanning reports, suggesting fixes for GitGuardian Platform incidents, and even permit automated fixes, which would significantly reduce the developer's workload.
For how long have I used the solution?
I have been using GitGuardian Platform for the last one year.
What do I think about the stability of the solution?
Stability and availability of GitGuardian Platform are commendable; it is stable and available.
It is stable because when I push changes, it scans immediately, confirming fixes. There is no downtime during scanning, maintaining stability and availability.
How are customer service and support?
I find support good since we have not needed much help from them. The guidelines provided are sufficient for guiding us on what to fix.
Which other solutions did I evaluate?
There are many tools in our organization for similar purposes, but GitGuardian Platform is specifically for exposing secrets. We also use Snyk for vulnerability scanning, among others, though I cannot recall all of them.
The decision was made by my organization, not me, so I am not sure about the parameters they considered before choosing GitGuardian Platform.
What other advice do I have?
GitGuardian Platform prioritizes incidents in our workflow through automated validity checks. There are high risk, low risk, and medium risk incidents raised, and the infosec team prioritizes them and approaches us, the developers who pushed those changes, to fix them accordingly.
GitGuardian Platform's public leakage detection influences our company's data security as a precaution. We are not sure if data might be exposed, but taking this precaution by scanning the repositories is crucial. A cyber attacker just needs one piece of data, so we ensure at least that one thing is secured. It is about cyber attack prevention, ensuring all our data remains safe.
It rates the effectiveness of severity in incident management based on the severity of the change. This allows us to address the most important ones first. It checks what has been pushed from the code, raising a high-level vulnerability if database-related passwords are involved and reports it urgently. For low-level issues like hardcoded values for APIs, it is reported accordingly based on priority.
I use GitGuardian Platform's automated playbooks for scanning. Productivity-wise, these playbooks help me know if I am going to push code with secrets. I am aware now, so I intentionally avoid that, ensuring I write good code. It increases my productivity by helping me fix issues proactively. If GitGuardian Platform were not here and vulnerabilities were discovered later, there could be severe consequences. Currently, that impact has been reduced, minimizing our efforts significantly through early precautions.
Our organization is currently innovating on the AI side, which includes creating a custom agent to fix vulnerabilities, similar to GitHub Copilot. This agent automates changes required based on GitGuardian Platform scanning, closing incidents directly. This support reduces our efforts and timelines.
Fixing vulnerabilities now takes approximately 60% less time. If fixing took ten days, I now do it in six. I am not sure about multi-vault integration because I am just a developer using it to fix my code changes. I am not sure if I am using GitGuardian Platform's Honey Tokens feature. I would rate this product an 8.5 overall.
Francisco O.
Peace of Mind Protection Against Security Mistakes
Reviewed on Apr 13, 2026
Review provided by G2
What do you like best about the product?
It helps protect me from any security mistakes.
What do you dislike about the product?
nothing, everything is useful, and helps me a lot
What problems is the product solving and how is that benefiting you?
It protects me from accidentally exposing my API keys.
Wicky W.
Catches Security Issues Early and Keeps Our Code Safer
Reviewed on Apr 13, 2026
Review provided by G2
What do you like best about the product?
I helps us in many security concern in code which is later detect by sonar lint , but using GitGuardian its traces before
What do you dislike about the product?
Nothing much but on point of integration with Github and CI/CD pipeline it becomes hasty for new developer
What problems is the product solving and how is that benefiting you?
It solve the problem of accidentally exposing sensitive secrets like API keys, passwords, tokens in code repositories.
Vivek_Jaiswal
Security posture has improved and platform identifies and remediates code and identity risks
Reviewed on Apr 10, 2026
Review from a verified AWS customer
What is our primary use case?
GitGuardian Platform 's primary use case is to identify vulnerabilities within the source code in our environment. We detect and fix the vulnerabilities while using this platform to monitor and enforce rules across DevOps tools, infrastructure, and source code configurations. It is a detection engine that is very intelligent and provides vulnerability and security gaps that we work to remediate.
We generally use GitGuardian Platform to identify vulnerabilities and data leaks within the codebase and detect secrets before pushing into any remote Git repository. With the help of this internal security monitoring platform, it has protected our data.
GitGuardian Platform is designed to help our organization identify security vulnerabilities within non-human identities' security postures. It also addresses compliance, standards, and regulations. Our non-human identities are majorly targeted to gain account credentials.
What is most valuable?
GitGuardian Platform identifies the risk and vulnerabilities within the source code, and our security team monitors that while we proactively work on vulnerabilities or security risks associated with non-human identities, source code, service accounts, service principals, and applications. We fix those vulnerabilities, which helps us maintain standard and regulatory compliance postures and gives leadership the ability to present external accessibility.
GitGuardian Platform is more reliable in terms of monitoring and helps us prevent data leaks. The interface is easy to navigate, and the remediation workflow with developer attribution and context provides good value. It provides historical secret and detection information across the Git repository and in CI and CD pipelines.
Since we started using GitGuardian Platform, we have observed many vulnerabilities or security risks associated with non-human identities, service accounts, and applications. Previously, attackers were increasingly targeting our non-human identities, service accounts, or applications. GitGuardian Platform integrates secret security with non-human identities governance, and this dual approach enables the detection of compromised secrets across the development environment. It helps protect non-human identities and mitigate associated risks. Our security posture has improved by seventy percent with GitGuardian Platform identifying and mitigating threats.
What needs improvement?
Speed is not optimal, and this is a downside. The pricing is competitive, but we would appreciate lower prices for the services. The ticketing system could be improved with more granular control options.
GitGuardian Platform could be integrated with other open-source platforms or GitHub platforms to improve overall functionality and features in terms of performance, integration efforts, professional support, and the GUI, which would provide additional value.
GitGuardian Platform is working as designed and identifying security risks by priority within the source code and identities, so no improvement is needed at this time.
GitGuardian Platform is excellent for saving tokens and encryption keys. Integration and implementation are straightforward, and the overall experience has been positive except for the payment plan process, which could be improved.
For how long have I used the solution?
I have been using GitGuardian Platform for two years.
What do I think about the stability of the solution?
GitGuardian Platform is very stable.
What do I think about the scalability of the solution?
GitGuardian Platform is highly scalable and can be deployed and integrated according to our requirements and pricing budget. Features can be enabled based on our budget and pricing requirements.
Which solution did I use previously and why did I switch?
We used Token Security and other platforms before moving to GitGuardian Platform because token security was not adequate for our needs.
We previously used Entro Security , OSC Security, and Token Security before transitioning to GitGuardian Platform.
How was the initial setup?
The vendor clearly explained the pricing, setup cost, and licensing and provided us complete details about the licensing, professional support, integration, development, deployment duration, and phases.
What about the implementation team?
We purchased GitGuardian Platform through the AWS Marketplace .
What was our ROI?
GitGuardian Platform has delivered a seventy to eighty percent improvement. It has definitely helped us with user metrics, user resource utilization, and time savings, along with quick remediation of threats.
Which other solutions did I evaluate?
Token Security
What other advice do I have?
GitGuardian Platform is excellent for monitoring internal non-human identities and accounts. It provides better visibility, non-compliance risk detection, and vulnerability identification associated with all these accounts. It really helps businesses improve their security posture. I provide this recommendation based on its reliability and business risk mitigation capabilities. This review has been given a rating of ten out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Pavan Ingaleshwar
Automated secret detection has protected credentials and enables faster incident response
Reviewed on Apr 06, 2026
Review from a verified AWS customer
What is our primary use case?
As a SOC analyst, my main use case for GitGuardian Platform is to detect the exposure of secrets such as API keys, tokens, and passwords. It integrates with GitLab and Slack, allowing me to receive immediate alerts in Slack whenever a secret leaks in a commit. This helps me investigate incidents from the GitGuardian Platform dashboard efficiently.
From a SOC perspective, it aids in quickly identifying risk exposures and coordinating with developers for remediation. This is the primary use case.
In one scenario, a developer accidentally committed an API key into a GitHub repository, and within less than a minute, I received an alert in Slack from GitGuardian Platform. I quickly checked the alert, confirmed it was a valid key, informed the developer, and revoked and rotated the key immediately. If this was not detected quickly, that key could have been misused or exposed to the public, potentially allowing worldwide attackers or hackers to exploit it. This real-time detection has helped me significantly and has reduced the risk efficiently.
In another case, an API key was accidentally pushed into a GitHub commit, and GitGuardian Platform detected it within seconds. I immediately revoked the key before any misuse occurred. Without this tool, it could have gone unnoticed. GitGuardian Platform's primary use case for my organization is to detect API keys and manage modifications mainly for this purpose.
What is most valuable?
The best features GitGuardian Platform offers include wide detection coverage with an accuracy of 100 percent. In very few cases, it results in false positives. It also has a clean dashboard for incident tracking, which are the most valuable features.
Regarding the detection coverage and dashboard features, I find that its most valuable aspect is the detection coverage and real-time alerting capability. GitGuardian Platform can detect a wide range of secrets, including API keys, tokens, passwords, and cloud-related credentials across repositories. The coverage is strong because it supports various types of secrets, not just basic ones. What I find really useful is how fast it detects issues, usually within seconds after a commit, providing real-time alerts. This makes a significant difference in reducing risk. The dashboard is very clean and user-friendly, allowing any department employee to utilize it easily.
GitGuardian Platform combines detection, visibility, and quick response in one workflow, and this is the best aspect.
Since implementing GitGuardian Platform in my organization, I have noted several positive impacts. Before GitGuardian Platform, secret detection was mostly manual and unreliable. In both my previous and current organizations, tracking everything manually was highly impossible.
What needs improvement?
I have three areas for improvement regarding GitGuardian Platform. One is the incident assignment process, which could be improved. The second would be the implementation of team-based assignments instead of individual ones, which would help significantly. Lastly, some minor false positives still occur, and they could improve that as well. Remediation actions such as key rotations are not handled inside the platform and need to be done externally.
For how long have I used the solution?
I have been using GitGuardian Platform for the past two years.
What do I think about the stability of the solution?
Based on my experience, GitGuardian Platform is very stable, and I have not seen any major downtime issues. The scalability is decent, but managing incidents manually can become slightly challenging as the number of developers increases.
What do I think about the scalability of the solution?
Scalability for GitGuardian Platform in my organization is manageable, but it can be challenging with a larger team.
Which solution did I use previously and why did I switch?
Before using GitGuardian Platform, I was utilizing GitLeaks, which is a free resource. I switched to GitGuardian Platform because it is a significantly better solution compared to GitLeaks, as the limitations of free products are always apparent.
I did not evaluate other options before choosing GitGuardian Platform.
How was the initial setup?
Since GitGuardian Platform is a SaaS product, the basic setup, including integration with GitHub and configuration of alerts, takes around ten to fifteen minutes. Some additional time is spent on fine-tuning alerting and workflows, but overall, the initial setup is very straightforward and fast.
What about the implementation team?
I have a business relationship with this vendor only as a customer; there is no partnership.
What was our ROI?
Regarding the return on investment from using GitGuardian Platform, I can say that it has reduced manual effort, allowed for faster detection within seconds, and decreased the risk of credential leaks, which directly improves security and saves time for both SOC and developer teams.
Since implementing GitGuardian Platform in my organization, I have noted several positive impacts. After starting to use GitGuardian Platform, I can summarize the improvements in three points: the risk of credential exposures has significantly reduced, detection has become automated, and SOC and developer teams have saved a lot of time.
What's my experience with pricing, setup cost, and licensing?
My personal feeling about the pricing of GitGuardian Platform is that it is higher compared to free tools such as GitLeaks. I feel the cost is too high. However, the value from centralized dashboard features, incident management, and integration makes it worthwhile for an enterprise environment. Unfortunately, for a startup such as mine, it is not affordable.
Which other solutions did I evaluate?
If organizations currently using GitLeaks are considering GitGuardian Platform, I would advise them to switch, as it offers detection along with incident management and integration, making GitGuardian Platform a more complete and suitable solution for enterprise use.
What other advice do I have?
In my previous organizations, my main infrastructure was hosted on Azure and AWS . For GitGuardian Platform in my previous organization, I believe it was a direct purchase from the vendor, not through the AWS Marketplace . I would rate GitGuardian Platform an eight out of ten.