
GitGuardian Platform

GitGuardian

Reviews from AWS customer

3 AWS reviews

External reviews

251 reviews

External reviews are not included in the AWS star rating for the product.


    Juscelino C.

Very nice and interesting security tool

  • June 19, 2023
  • Review provided by G2

What do you like best about the product?
It was very nice to know that it has a tool that can scan all files and code exposed to the public. It allows us to have much more security with our business. I think that it's the best tool.
What do you dislike about the product?
The only thing that I'd like to suggest is to simplify the view of revision history. Except for that, I don't have any other criticism. I think the site is very detailed and well built.
What problems is the product solving and how is that benefiting you?
I had a policy break that was exposed publicly involving the application.properties file from my project, and it appears to have exposed sensitive information. I know that because of GitGuardian.


    Satyendra S.

GitGuardian for Github code

  • June 18, 2023
  • Review provided by G2

What do you like best about the product?
Threat detection when checking in new code.
What do you dislike about the product?
User interface can be made more user-friendly.
What problems is the product solving and how is that benefiting you?
Threat detection made life easier. When we put database details in a properties file, it quickly detects the threat.


    Computer & Network Security

Evaluation of GitGuardian

  • June 15, 2023
  • Review provided by G2

What do you like best about the product?
One of the best things about GitGuardian is its ability to automatically detect sensitive information in real-time. Identify potential sensitive data leaks. This proactive detection helps development teams quickly identify security issues and act to fix them before they cause harm.
What do you dislike about the product?
False negatives: Just as false positives occur, where GitGuardian identifies a potential sensitive data leak that actually isn't, false negatives can also occur.
What problems is the product solving and how is that benefiting you?
Identify and alert about possible leaks of sensitive data, such as API keys, passwords, and authentication information.


    Edson Luciano M.

Easy and useful

  • June 13, 2023
  • Review provided by G2

What do you like best about the product?
The automatic checks for vulnerabilities and the warning of vulnerabilities via e-mail.
What do you dislike about the product?
It is perfect; I don't dislike any function.
What problems is the product solving and how is that benefiting you?
Notifying me when I or someone on the team forgets a password or token in the code.


    sumit k.

Check the vulnerabilities before they get exploited.

  • June 07, 2023
  • Review provided by G2

What do you like best about the product?
It thoroughly checks your application code to analyze the security vulnerabilities. It can also be integrated with GitHub directly with your repository. We will receive emails related to the bugs and issues we have in our code. Not only once, but also even after years, you will receive notification about the newly found security issues in your codes.
What do you dislike about the product?
We have so much information in the UI dashboard which GitGuardian provides; that's why it is a little bit difficult to navigate through different features, as a lot of information is available there.

Just a basic example: sometimes I struggle with changing the scan-enabled repos in the GitGuardian dashboard. Most of the time I end up searching on Google for how to use a specific feature.
What problems is the product solving and how is that benefiting you?
Back in 2020, I developed a Google Meet API. I published it and accidentally also pushed the credentials to GitHub. Luckily I had GitGuardian enabled in my GitHub repo; it immediately scanned it and sent me an email regarding this to fix the issues. So far it's working fine.


    Huzefa S.

Useful

  • June 01, 2023
  • Review provided by G2

What do you like best about the product?
Immediate alerts. Also the capability of setting up the alerts as per our preference. Logging in with GitHub makes it easier to sign in. Also, it identifies every type of password leak. The ability to scan for threats in a very large codebase and send alerts by email is very useful.
What do you dislike about the product?
The user interface is not very interesting. Also, it would be best if there were functionality to directly integrate it with GitHub and show alerts as notifications.
What problems is the product solving and how is that benefiting you?
It helps to identify personal information leaks. I myself have many times forgotten to delete the user credentials and database passwords in my code base. Also, various API keys from various cloud providers are identified and alerts are sent immediately. This helps me to have peace of mind, knowing that if I have done something wrong and exposed personal information on GitHub, I would be notified immediately.


    reviewer2191434

Helped to decrease the overall false positive rate, but the authentication process has room for improvement

  • May 23, 2023
  • Review provided by PeerSpot

What is our primary use case?

We use the solution to detect any secret exposure.

How has it helped my organization?

The overall breadth of the solution is good. It's been able to detect most of the secrets that we have.

The accuracy of the solution is generally good, but we have had a number of false positives. For example, sometimes we would commit a test secret, and it would not follow the action of a secret. This is because the secret contained a prefix that is commonly used in passwords, such as "password". We have been able to take action to suppress these false positives moving forward.

The solution helps to quickly prioritize remediation. When we go back to the historical scan, it can tell us not only what vulnerabilities were exposed, but also the general risk level of each vulnerability. This allows us to prioritize remediation efforts and focus on the more critical vulnerabilities first.

The solution helped to decrease the overall false positive rate. We have been able to decrease the number of false positives by about seven percent. When we receive alerts now, they are usually general alerts. We do not receive alerts that are specific to a door without the pull being put in place when we investigate.

The solution increased our secret detection rate by around 80 percent.

We detected a security issue, and we were able to fix it in the system within half a day. This was possible because we reduced the number of follow-up steps required. The solution saved our security team about 25 percent of their time. This means that we probably removed about a week's worth of incident management work. This is a significant improvement in security, and it saved our team a lot of time.

The solution also helped reduce our mean time to remediation.

What is most valuable?

At the start, historical scanning was very useful because it was the first time we had done it. It allowed us to see how many secrets we had exposed. If we had only focused on current secrets, we would have missed all the secrets that had been committed in the past. So, initially, the historical scan was really useful.

Presently, we find the pre-commit hooks more useful. These hooks allow us to set up a local development environment where we can scan for secrets before we commit them to the repository. This saved us a lot of time.

What needs improvement?

It took us a while to get new patterns introduced into the pattern reporting process. If there is a way to automate this process so that we can include our own patterns in our repositories, that would be very useful.

The authentication process could be improved. A single sign-on system would be very helpful.

For how long have I used the solution?

I have been using GitGuardian Internal Monitoring for one and a half years.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

The solution is scalable, so we can create instances for each scan that we run. This means that we will never have any issues with load or performance. We have 100 end users that utilize the solution.

How are customer service and support?

The technical support has been very helpful. The system is also pretty intuitive, so we haven't had to contact them very often.

How would you rate customer service and support?

Positive

What was our ROI?

We have seen a 10 percent return on investment. Resource-wise, creating a secret once it has been detected is a significant undertaking. Early detection has saved a lot of time, and I think there would be various penalties. Theoretically, if we continued to explore secrets, we could also save and compromise.

What's my experience with pricing, setup cost, and licensing?

I compared the solution to a couple of other solutions, and I think it is very competitively priced.

What other advice do I have?

I give GitGuardian Internal Monitoring a seven out of ten. The solution is really good, but the false positives that we had to work with lower the solution's overall score.

When we first started using the solution, we had to address some areas quickly. We had pushed through some public-facing features because we wanted to start working in the open. However, this prompted us to realize that we weren't quite ready to do that. So we had to make all of our clusters private again, or as private as possible. The thought of working in the open had to be reviewed at the start.

The solution does not require maintenance. It is used extensively and is part of our security check pipeline. It is included as part of the pipeline in any repository that is created. It is also included in the repository itself. Each project is included as a pre-commit process. Additionally, it is included in our deployment pipeline because it is well integrated into our productivity tools.

Secret detection is a very important part of a security program for application development. It gives us the confidence to commit our work to a shared environment, especially if we want to make it public. Secret detection helps to ensure that confidential information is not exposed.

For those using an open-source tool, I would suggest pointing out what sort of support they might need. If they're comfortable using it on their own, then that's fine. But if they need support, it would be helpful to have a support package available.

People should do a proof of concept first because the way it will be configured for them might be different. I don't know if we can figure it out for sales for another organization. So, having a proof of concept to fully understand how it will work best for them is useful.


    Computer Software

Life Saver (Not exactly, but yeah)

  • May 22, 2023
  • Review provided by G2

What do you like best about the product?
The moment I push a secret on my repository, I get a notification stating hey, you left some secret over there.

This helps a lot; I can revoke the secret after that.
What do you dislike about the product?
There's nothing I know that I dislike about GitGuardian.
What problems is the product solving and how is that benefiting you?
As I said in my review, GitGuardian is a life saver for me, as it quickly notifies me about my secrets. And yeah, I've been more productive. I'm not sure if my business performance has increased, but it surely helps in not exposing the secrets.


    Computer Software

Good experience

  • May 19, 2023
  • Review provided by G2

What do you like best about the product?
It told me about exposed secrets and API keys.
What do you dislike about the product?
No downsides. I have actually been using it for a few weeks and have not found any downsides.
What problems is the product solving and how is that benefiting you?
It told me about my exposed secrets and API keys, in which repository and on which line of that repository.


    Computer Software

Great last line of defense against accidental leaks

  • May 09, 2023
  • Review provided by G2

What do you like best about the product?
It's great at detecting any leaked secrets. The webapp is simple to use and they have good integrations with our stack.
They make it really easy to identify issues and act on them, even for less experienced developers.
The analytics available are also really useful and provide good insights on how GitGuardian protects the codebase.
What do you dislike about the product?
I'd like it to be more intelligent at learning from feedback. Sometimes things marked as false positives keep popping up later. I know there's an option to exclude certain paths but I think the app would benefit from learning from previous corrections.
What problems is the product solving and how is that benefiting you?
It prevents developers from accidentally leaking secrets. We are a lot more confident now in our security and know that nothing has been leaked without us knowing. This increases our business security and it's great to show our clients.