My use case for the GitGuardian Platform is application security for our enterprise repository.
GitGuardian Platform
GitGuardianExternal reviews
240 reviews
from
and
External reviews are not included in the AWS star rating for the product.
GitGuardian Journey
What do you like best about the product?
Well the fact that aside from notifying you it tells you the specific location it helps a lot specially with a codebase that uses frameworks it kinda get messy. Since I install gitguardian all my repository is connected into it seamlessly.
What do you dislike about the product?
None so far but I would guess I don't know if it exist but it would be amazing to make it on click and store or remove the keys directly
What problems is the product solving and how is that benefiting you?
Well primarily it helps us really stored our keys.
It is extremely useful and easy to use. It helped me improve the security of my software
What do you like best about the product?
In addition to presenting the problem, it also presents the solution, description, and criticality of the issue.
What do you dislike about the product?
There's nothing I don't like for now. Its a good software
What problems is the product solving and how is that benefiting you?
Exposes of secrets
Always making sure that my repos are not exposed.
What do you like best about the product?
The instant emails about a potential threat
What do you dislike about the product?
Nothing. I think GitGuardian does a good job of protecting my repos
What problems is the product solving and how is that benefiting you?
The problems that gitguardian is solving is when I forget to protect API keys and I push something into my repo
GitGuardian saving your secrets
What do you like best about the product?
I like the fact GitGuardian automatically checks and find all the secrets or suspicious things in the code and helps developers discovering them. This, although seems little for a non-developer is a very big thing as these secrets can leads to major data loss, security concerns and even loss of business.
What do you dislike about the product?
Could be a little more powerful to detect all the secrets and also not pose a threat if something is not a secret even if it looks like so. Example env variables should be skipped.
What problems is the product solving and how is that benefiting you?
Whenever I push code, we have a lot of environment variables that needs to be taken care of. Sometimes these confidential values get passed into tracked files in Git, unknowingly or by mistake, especially during vibe-coding which is a very big thing nowadays. GitGuardian plays a very very big role in discovering these essential secrets that cannot and should not be exposed to the outside world or could lead to serious damages to the company or business or even an individual and disrupt the work.
So GitGuardians security checks are very essential and needed.
So GitGuardians security checks are very essential and needed.
GitGaurdian - Project Gaurdian
What do you like best about the product?
What I like best about GitGuardian is its ability to automatically scan my code for sensitive information, such as API keys, passwords, and access tokens. It’s incredibly reassuring knowing that I’m alerted in real time if any secrets are accidentally committed to my repositories.
The integration with GitHub, GitLab, and Bitbucket is seamless, making it easy to set up and use without any hassle. Plus, the fact that it can scan both public and private repositories adds an extra layer of security, which is essential for any serious project.
Another standout feature is its detailed alerts that give you all the information you need to quickly address any vulnerabilities. It saves me from the stress of manually checking for potential leaks, which would be a huge pain, especially in larger codebases.
Overall, GitGuardian is a fantastic tool for anyone looking to maintain strong security practices while keeping their development process smooth. Highly recommend it!
The integration with GitHub, GitLab, and Bitbucket is seamless, making it easy to set up and use without any hassle. Plus, the fact that it can scan both public and private repositories adds an extra layer of security, which is essential for any serious project.
Another standout feature is its detailed alerts that give you all the information you need to quickly address any vulnerabilities. It saves me from the stress of manually checking for potential leaks, which would be a huge pain, especially in larger codebases.
Overall, GitGuardian is a fantastic tool for anyone looking to maintain strong security practices while keeping their development process smooth. Highly recommend it!
What do you dislike about the product?
While GitGuardian is generally a great tool, there are a couple of things that could be improved. For starters, the alert system can sometimes be a bit too sensitive. I’ve received notifications about things that don’t always feel like high risks, which can be a little overwhelming if you’re working on multiple projects at once.
Another downside is that while the free tier is useful, it’s quite limited. If you need more advanced features like deeper scanning, monitoring private repositories, or getting more detailed reports, you have to pay for the premium version. This might be a bit of a stretch for solo developers or smaller teams on a tight budget.
Lastly, sometimes the false positives can get annoying, especially if you're working with a lot of environment-specific variables or certain configurations that GitGuardian flags as secrets when they’re really not. It requires a bit of manual tuning to filter out unnecessary warnings.
Another downside is that while the free tier is useful, it’s quite limited. If you need more advanced features like deeper scanning, monitoring private repositories, or getting more detailed reports, you have to pay for the premium version. This might be a bit of a stretch for solo developers or smaller teams on a tight budget.
Lastly, sometimes the false positives can get annoying, especially if you're working with a lot of environment-specific variables or certain configurations that GitGuardian flags as secrets when they’re really not. It requires a bit of manual tuning to filter out unnecessary warnings.
What problems is the product solving and how is that benefiting you?
GitGuardian is solving a crucial problem in modern software development: the accidental exposure of sensitive information in code repositories. Whether it’s an API key, a database password, or a private token, these secrets can easily slip into version control systems, leading to security breaches, data leaks, or even full-blown hacks. GitGuardian catches these vulnerabilities before they become a problem, allowing me to be confident that my code is safe.
For me, the biggest benefit has been the peace of mind it provides. I no longer have to worry about manually reviewing every line of code or inspecting every commit for exposed secrets. GitGuardian does that for me in real time, which is a huge time-saver. Plus, it’s integrated into my GitHub, GitLab, and Bitbucket workflows, meaning I get alerts immediately after committing sensitive information, so I can take quick action to remediate it.
This automated scanning has prevented potential security disasters, especially in larger projects where it would be easy to overlook a mistake. Overall, GitGuardian has made security a lot less stressful and has ensured that I can focus more on coding and less on worrying about leaks.
For me, the biggest benefit has been the peace of mind it provides. I no longer have to worry about manually reviewing every line of code or inspecting every commit for exposed secrets. GitGuardian does that for me in real time, which is a huge time-saver. Plus, it’s integrated into my GitHub, GitLab, and Bitbucket workflows, meaning I get alerts immediately after committing sensitive information, so I can take quick action to remediate it.
This automated scanning has prevented potential security disasters, especially in larger projects where it would be easy to overlook a mistake. Overall, GitGuardian has made security a lot less stressful and has ensured that I can focus more on coding and less on worrying about leaks.
Great tool to have your back
What do you like best about the product?
Extremely useful solution to have when you are developing your solutions
What do you dislike about the product?
The downside is that you know you messed up in your code and security.
What problems is the product solving and how is that benefiting you?
Inadvertently publishing product keys.
Supports application security by detecting a wide range of secrets and allows integration into existing vulnerability management processes
What is our primary use case?
How has it helped my organization?
The solution has improved our organization. We are still in the rollout, but the users who are utilizing it are very happy, especially about the feature that enables pre-commit hooks in Git that will not raise to the remote repository. This is a very good feature that our developers use very heavily.
What is most valuable?
The best features of the GitGuardian Platform are that it finds many different secrets, more than other competitors, and the support from the colleagues is also very good.
The GitGuardian Platform helps in monitoring and protecting our code repositories from leakage. It helps significantly because we connected our vulnerability management process to this, and the colleagues from vulnerability management have much easier work since we have the GitGuardian Platform installation due to the dedicated incidents or issues which are opened automatically.
The alerting capabilities and threat intelligence features of the GitGuardian Platform are managed by another team; we only host the platform.
The audit logs and compliance reports from GitGuardian are very helpful because, in the past, we needed to do it manually by scanning the repos. Now with GitGuardian Platform, we have a really good overview of what is open, what is closed, and how critical the issues are.
What needs improvement?
The areas that have room for improvement involve the missing feature to add custom detectors for the GitGuardian Platform, which would help us check if internal secrets are still valid or not.
I assess the accuracy of the detection from the GitGuardian Platform as very good because we don't have many false positives, which means the quality is very good. The only thing we want to have are some additional detectors which help us to prioritize, especially since enterprise secrets are found, but they cannot verify if they are valid or not.
For how long have I used the solution?
I have been using the GitGuardian Platform for one and a half years.
What do I think about the stability of the solution?
The stability of the GitGuardian Platform is excellent. We don't have any problems with the stability of the system at all.
What do I think about the scalability of the solution?
The scalability of the GitGuardian Platform is excellent.
How are customer service and support?
The technical support from the GitGuardian Platform deserves a rating of nine out of ten.
How would you rate customer service and support?
What about the implementation team?
The deployment of the GitGuardian Platform is very easy because it's a Helm chart which is very easy to install for us. The deployment took several days.
What's my experience with pricing, setup cost, and licensing?
I have no information about pricing, but since they won the request for quotation, I believe it's a good price.
Which other solutions did I evaluate?
We created a technical evaluation and checked against other providers, though I don't remember the names. The GitGuardian Platform has the best technical capabilities, and our procurement handles the pricing part.
What other advice do I have?
The GitGuardian Platform is used worldwide in our environment.
Currently, we have approximately 1,300 licenses for the GitGuardian Platform, but we will increase to 2,000 next year.
The solution requires maintenance from our side only for user management, which is normal for each application.
I cannot quantify how much time or resources the GitGuardian Platform saves us because this is spread across all teams worldwide.
I would recommend the GitGuardian Platform to other users because the integration with GitHub and Azure DevOps is very easy, and you also have the possibility to use it locally on your IDE. This is a very good solution.
I rate the GitGuardian Platform a nine out of ten because room for improvement is always possible, but it's really good.
Which deployment model are you using for this solution?
On-premises
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Efficiently manages sensitive data but needs improvement in credential differentiation
What is our primary use case?
We initially integrated GitGuardian Platform into our organization in 2023 into our GitHub repository. We implemented it because we did not want our secret credentials to be exposed to the internet or to a third party such as GitHub. It flags when credentials have been exposed so we can remediate and fix them. GitGuardian Platform was what my tech lead suggested we use, and we had to incorporate it into our repositories. We use the Platform version.
What is most valuable?
What I appreciate the most about GitGuardian Platform is its efficiency when triggering our pipeline and notifying us if secrets have been exposed, such as APIs, variables, our database, or anything being exposed. Currently, we have numerous repositories and pushes that happen in our repo. It would be humanly impossible for us to manually search for these secrets. GitGuardian Platform can do this automatically. All we need to do is wait for an email notification that indicates a secret has been exposed. It points out the repository that has the secret exposed, and we can fix it. This saves us the time of manual review.
What needs improvement?
The main disadvantage I feel they should improve upon is that apart from flagging credential issues or secrets, they could incorporate something else to make it more dynamic. If their product focuses majorly on secrets leaking, similar to Amazon Macie, they could expand their capabilities. Amazon Macie primarily flags secrets being exposed over the internet.
For example, we use Dependabot for code review. Dependabot helps us follow best practices such as code quality and code analysis, as we cannot manually check 10,000 lines of code to ensure they follow structural standards. If GitGuardian Platform could incorporate code analysis into their system, not just for secrets alone, it would make them more dynamic.
This would allow users to have just one tool instead of multiple third-party tools running in GitHub. It would reduce management overhead as you wouldn't have to manage multiple tools.
For how long have I used the solution?
I have been using GitGuardian Platform in my career for almost two years now.
What do I think about the stability of the solution?
For my organization, GitGuardian Platform has been stable. Since installation, we haven't had to optimize it, and I am unsure about new versions. It has been functioning effectively, and its performance is satisfactory. The only limitation is that it performs just one task. While it is efficient at credential flagging, it could offer more functionality.
What do I think about the scalability of the solution?
Regarding scalability, in my organization, we have about 44 repositories running, and GitGuardian Platform has been able to handle these repositories efficiently. I am uncertain about its capability to handle 100 repositories. For our organization, which is just four years old and not a large platform with numerous features, it functions adequately with our 44 repositories.
Some tools can function properly until demand increases or usage reaches a certain extent, at which point they might start deteriorating. For instance, with our GitHub account, we had to pay for more capacity usage. I am unsure if GitGuardian Platform has similar limitations on the number of repositories it can handle. However, for our current 44 repositories, it has been working exceptionally.
How are customer service and support?
I have never contacted any technical support or customer support through phone or ticket system. We have never experienced any issues with it. It effectively helps us with credentials security and has been performing satisfactorily.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have not compared GitGuardian Platform with any alternatives in my organization. For GitHub repositories credentials, we use GitGuardian Platform. For AWS, we use Amazon Macie because we run our infrastructure on Amazon Web Services. We use Macie to protect our credentials from being exposed.
How was the initial setup?
The initial deployment and installation was very easy for us.
What about the implementation team?
For this deployment, my tech lead handled the implementation. We were on a call with him while he deployed it. It required only one person to complete the setup.
What was our ROI?
It does not require any maintenance on our end as it has been working autonomously. I am unaware of new versions, but what we have been using has not required maintenance.
What's my experience with pricing, setup cost, and licensing?
I am not involved with the pricing of GitGuardian Platform, as the tech lead handled those aspects. Initially, I thought it was an open-source tool. There are private and public versions available. The private version requires payment, but for the public version we use, we did not make any payments.
Which other solutions did I evaluate?
I have not compared GitGuardian Platform with any alternatives in my organization. For GitHub repositories credentials, we use GitGuardian Platform. For AWS, we use Amazon Macie because we run our infrastructure on Amazon Web Services. We use Macie to protect our credentials from being exposed.
What other advice do I have?
I will rate GitGuardian Platform a seven out of ten. The reason for this rating is that I wish they could have an agent embedded into their system that helps to identify real credentials from mock credentials, as this sometimes causes false alarms.
We are users of the product with no partnerships with GitGuardian Platform. They can contact me regarding any questions about this review. I am open to anything that benefits the community and makes everything better.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Facilitates efficient secret management and improves development processes
What is our primary use case?
My use case for the GitGuardian Platform is application security.
What is most valuable?
My impression of the GitGuardian Platform's capability to detect secrets in real time is actually really amazing, because it lets us protect or block the pipelines in which we deploy new applications so we can acknowledge when a secret is hardcoded in a repository, or when we have already hardcoded secrets within templates in our repos.
We adopted it a year ago, and it has been doing great in our teams, especially for developers. The impression so far has been good.
The severity scoring has helped us in incident management because it is doing the correct job. We got many secrets leaked within our platform and it was making the correct warnings regarding that particular secret, as we had a hardcoded Google Cloud API key. It was marked as a critical severity, so we had the chance to correct it, regenerate that secret and work again on not hardcoding secrets within our code.
GitGuardian's public leak detection significantly enhances our organization's data security by continuously monitoring public repositories. It allows us to proactively identify accidental exposures of sensitive credentials or secrets.
What needs improvement?
Regarding the exceptions in GitGuardian Platform, we know that within the platform we have a way to accept a path or a directory from a repository, but it is not that visible at the very beginning. You have to figure out where to search for it, and once you have it, it is really good, but it is not that visible at the beginning. This should be made more exposed.
The documentation could be better because it was not that comprehensively documented. When we started working with GitGuardian Platform, it was difficult to find some specific use cases, and we were not aware of that. It might have improved now, but at that time, it was not something we would recommend.
For how long have I used the solution?
I have been using the GitGuardian Platform for almost a year now.
What do I think about the stability of the solution?
From 1 to 10, I rate the stability of the GitGuardian Platform a 10, as there are no downtimes.
What do I think about the scalability of the solution?
I would rate the scalability as a 10, since we did not have any problems.
How are customer service and support?
For technical support, I would give a solid 10. They have someone who speaks Spanish, which made it easier for us.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
I am comparing it with Advanced Security from GitHub and Cycode.
How was the initial setup?
Two of us were involved in the deployment process.
It took a week to deploy the GitGuardian Platform, just to standardize the process.
What about the implementation team?
Two of us were involved in the deployment process.
What was our ROI?
Regarding return on investment, we have actually saved time and resources because before having GitGuardian Platform, we had two or three people working in every repository looking for secrets with open-source tools. It took a long time to find secrets or many patterns, and at the time, we had to configure our own patterns to find them. I cannot specify the exact return on investment, but I can surely say that we have saved significant time and resources, particularly in terms of people and automation.
Which other solutions did I evaluate?
I would compare the GitGuardian Platform to other solutions or vendors on the market as being easier to use, but it is not integrated with the CSM that we are using right now. That is the difference. It is easy to use, but it could be easier.
What other advice do I have?
We are customers in our company's relationship with the vendor.
I work primarily with the CLI, focusing on pipelines and automations rather than the platform itself. The platform has remained almost the same within the year that we have been working with it.
We are not utilizing the automated playbooks yet.
I cannot determine if the pricing is cost-effective.
The vendor can contact me if they have any questions or comments about my review.
I have rated the GitGuardian Platform a 10 out of 10.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Git Guardian Helps me avoid revealing sensitive data to the public
What do you like best about the product?
I like that it gives me automated warning about exposing potential sensitive data
What do you dislike about the product?
I just use it for the automated warnings. I don't see a downside yet.
What problems is the product solving and how is that benefiting you?
It stops me exposing sensitive data. Sometimes I will add passwords during debugging and forget to remove them. Git guardian fixes this.
showing 1 - 10