Our developers use the GitGuardian platform to securely access and manage secrets within their repositories. This allows them to identify and address any potential security risks.

GitGuardian's detection capabilities are good.

The accuracy of detections and the false positive rate are good.

It has improved the abilities of our developers and security team.

The playbooks help to identify and prioritize security incidents.

GitGuardian helped us increase our secret detection rate.

GitGuardian helped to increase our security team's productivity. It allows us to find the secrets and their repository faster. As the security team is focusing on one app to audit it, we also look at the GitGuardian findings for that app, and that is easier than looking for the secrets manually.

The most valuable feature is the general incident reporting system. It provides informative data with good filtering and reporting options.

We'd like to request a new GitGuardian feature that automates user onboarding and access control for code repositories. Ideally, when a user contributes to a repository, they would be automatically added to GitGuardian and granted access to view that specific repository. This would eliminate the need for manual user creation and permission assignment within the platform.

I have been using the GitGuardian Platform for one and a half years.

The GitGuardian Platform is stable.

The GitGuardian Platform can deploy at scale.

The pricing for GitGuardian is fair.

I would rate the GitGuardian Platform eight out of ten.

Getting started with GitGuardian required some preliminary setup on our part. This involved configuring both our on-premise GitHub Enterprise server and the GitGuardian application itself, granting the application access to the enterprise server.

GitGuardian requires around two hours per week of maintenance. We have our scripts that add users to the tool as needed. So we have a script that looks at our GitHub server talks to that API, and uses the information from that to add users to GitGuardian. And we have to maintain those because sometimes just like with any code, we have to make sure that process is still working.

GitGuardian's onboarding process and customer success teams were helpful.

I recommend GitGuardian as an easy-to-use tool that tackles a major security risk often overlooked by companies. This platform can significantly improve your software development lifecycle.

While detecting hidden functionality within a security program for application development isn't the highest priority, it does hold some value. If resources allow, it's worth considering incorporating methods to identify such secrets.

Organizations considering the GitGuardian Platform should establish clear action points for employees who will be using the tool. This ensures everyone understands how to leverage GitGuardian effectively within their workflow.

The GitGuardian Platform is primarily used for dependency checks within our development process. This allows us to create a catalog of all dependencies used throughout our code repositories.

We've been impressed with the detection capabilities of the GitGuardian Platform. In fact, it's performing very well compared to other solutions we've evaluated that meet FDA compliance standards. To this end, we're currently in the midst of a trial period with GitGuardian to further assess its effectiveness for our needs.

While GitGuardian is a powerful solution, it's important to consider false positives. Some tools overwhelm users with alerts for unimportant issues, creating a flood of low-severity incidents. This can lead to alert fatigue and make it harder to identify critical problems. In my experience, GitGuardian strikes a good balance between accuracy and false positives, earning it a rating of eight out of ten.

GitGuardian significantly improves our ability to prioritize remediation efforts. Previously, without automatic detection, incidents could take anywhere from one day to a month to fix after being discovered manually. Now, thanks to GitGuardian's alert system, we're notified of new incidents immediately, allowing us to address them quickly – typically within a couple of hours. This ensures that the most critical issues are prioritized and resolved swiftly.

It integrates well with our shift-left strategy. This means it identifies and addresses security vulnerabilities early in the development process, before they can impact our production environment. A good security solution shouldn't disrupt production. If implementing GitGuardian had caused any issues in production, it wouldn't be a suitable choice for our needs.

The use of GitGuardian impacted our developers' and security team's ability to work together on resolving security issues. Our current system routes all new incident alerts directly to both teams. Ideally, upon identifying a clear security issue, we would engage with developers to collaboratively determine the appropriate solution and prioritize based on both severity and urgency.

GitGuardian has helped increase our secrets detection rate.

GitGuardian has significantly boosted our security team's productivity. We've transitioned from manual secret scanning in our repositories to an automated system, making automation the key improvement. This shift has saved the security team valuable time, reducing the time spent per incident by a couple of hours.

The only preparation we had to do to start using GitGuardian was to integrate it into our GitHub account.

In application development security, detecting secrets is one of the most crucial practices. A single exposed secret can inflict enormous damage on a company.

The most valuable feature is its ability to automate both downloading the repository and generating a Software Bill of Materials directly from it. This allows us to efficiently obtain the complete SBOM, including all dependencies, for either a new repository or a previously selected one.

One of our current challenges is that the GitGuardian platform identifies encrypted secrets and statements as sensitive information even though they're secured. This leads to unnecessary incidents being flagged, causing problems for our workflow. To address this, a context-based secret scanning feature would be a valuable improvement. This functionality would allow the platform to understand the context of the data before flagging it as a secret, reducing the number of false positives.

I have been using the GitGuardian Platform for six months.

I would rate the stability of the GitGuardian Platform ten out of ten.

GitGuardian meets our scaling needs.

I'm impressed with the technical support team. We have bi-weekly meetings where we discuss any issues, and whenever I need something, I've received a response within a few hours.

The customer success team is another group I truly value meeting with. Their focus aligns directly with the challenges we face. They are incredibly responsive, and if we ever need clarification on anything, they get back to us within a couple of days. Additionally, the onboarding documentation on their website, along with the videos they produce on YouTube, are more than sufficient for getting developers up to speed.

In addition to GitGuardian Platform, we are also evaluating GitHub Dependabot and Snyk. One of the key features that impressed us with GitGuardian Platform is its ability to automatically create incidents for security vulnerabilities. This is particularly helpful because it allows us to prioritize these incidents based on their CVSS score, ensuring we address the most critical issues first.

I would rate the GitGuardian Platform nine out of ten.

Our GitGuardian users are developers.

No maintenance is required from our end.

I recommend GitGuardian because the setup is easy.

We noticed a problem with developers putting secrets in their code, and we needed a solution for this. I had previously used GitGuardian in my own hobby projects, so I knew what it was all about. I was asked to look into alternatives to ensure we had considered every possibility, but we quickly found that GitGuardian was the right solution for our use case. The company has around 100 users.

Using GitGuardian has made developers more aware of secrets. The senior leadership at the company is impressed with how well GitGuardian works. We've also heard some good comments about how snappy the website is. We do not have a shift-left culture at our company, but we are moving toward it, and GitGuardian definitely helps with this.

GitGuardian has improved the collaboration between the security and dev teams. The developers have taken to the tool nicely and are using it efficiently. At the same time, it doesn't require any communication between the developers and the security team in terms of remediation because it's intuitive enough for the developers to know they need to fix an issue when they get an email notifying them about it. They also know how to fix it because GitGuardian shows that in the remediation steps.

The solution has greatly increased our secret detection rate. When we did it manually, it took about an hour to find 50. Now, we get around 250 in an hour, and they appear instantly when we sign in. It has improved the remediation time quite a bit. We're down to nine minutes now, which is a vast improvement compared to when it was a manual process.

GitGuardian has increased the security team's productivity by shifting the responsibility to the developers. We are almost never inside GitGuardian monitoring it. It's mostly when we need to do our weekly reporting. We generally leave it up to the developers to fix their code. That's just how the company works.

I like GitGuardian's instant response. When you have an incident, it's reported immediately. The interface gives you a great overview of your current leaked secrets. It's easy to reduce the false positive rate because we can customize the detection rules to be as granular as we want. We can set up rules to say certain things should never be detected. We're happy with the false positive rate, but we notice a lot from our test certificates in our code. There is no clear way to define if a certificate is a test certificate apart from the name. I think it's a good thing that they have these false positives rather than false negatives.

We use some of the playbooks. They help us prioritize security incidents. We're only using a limited set at the moment, but the ones we use help us identify and prioritize security incidents.

GitGuardian encompasses many secrets that companies might have, but we are a Microsoft-only organization, so there are some limitations there in terms of their honey tokens. I'd like for it to not be limited to Amazon-based tokens. It would be nice to see a broader set of providers that you could pick from.

The company has only been using GitGuardian for a couple of months now, but I have used it for many years.

I rate GitGuardian nine out of ten for stability.

I rate GitGuardian ten out of ten for scalability.

I rate GitGuardian support ten out of ten. We had some issues with GitGuardian failing to detect some secrets. We contacted support. They resolved the problem swiftly and kept us informed throughout the process. They started the process of creating a new detection, and it's a new feature that they're working on.

I previously used some open-source solutions, but they were not quite on par with GitGuardian. An open-source solution is only as good as the developers maintaining it. The developers maintaining it are not paid to maintain it, unlike those who are paid to keep a commercial solution updated. The paid solutions are way better.

GitGuardian is a SaaS platform, so you don't need to deploy it. It's just a matter of onboarding users. It doesn't require any maintenance on our side.

We have only used GitGuardian for four months, so it's hard to calculate a return. However, it will save us a lot of headaches with the new EU regulations in the long run.

When we're talking about security, there is no price that is too high to keep a company safe.

I rate GitGuardian nine out of ten. A secrets detection program is one of the most critical things in application development. It's easy enough to implement GitGuardian, so you don't need to test it, but you can always go with a trial because you need to know if this is the right solution for you. It's so easy to get started with GitGuardian that you don't need to go through all the bureaucracy.

We use GitGuardian Public Monitoring for code that is exposed in public.

GitGuardian Public Monitoring's detection capabilities are good. I'm still learning the ropes of using some search techniques. However, it's impressive how we can find information even if it's been deleted. That's helpful!

The more I use GitGuardian Public Monitoring, the easier it becomes to identify false positives. When I started this role less than a year ago, it was my first time working with code. It took some time to adjust. However, I'm now getting faster at reviewing alerts and determining the risk. I can often tell if something is a genuine threat or just someone testing something out. In those cases, I can quickly confirm with the developer whether it's an actual secret. Overall, my detection skills are improving. This helps me filter through alerts more efficiently. When the system was first implemented last May, we had a lot of data to sift through, and GitGuardian Public Monitoring has made that process much faster.

GitGuardian Public Monitoring helps us prioritize remediation tasks efficiently. It allows me to assign severity levels to detections. I can mark high-risk ones for immediate attention while leaving others in their triggered detection status. This way, I can easily filter detections later based on the assigned severity levels that are set by me or others to quickly find the ones I'm currently working on or those requiring the most critical attention.

The Public Monitoring Explore feature is a powerful tool. It allows me to create searches beyond our usual parameters. They even have a helpful cheat sheet available. I've found it very useful, uncovering surprising information that required further action. Overall, it's a valuable resource.

The Explore feature has been very helpful in uncovering potential issues that we can address immediately. These are issues that wouldn't have been identified through our regular alerts. In this way, Explore allows us to delve deeper and identify additional exposures and potential risks that we might otherwise miss.

I'm currently using GitGuardian Public Monitoring to detect secrets and identify any exposure to our company's intellectual property code. That's the extent of our use case for now. I'm aware that GitGuardian is planning to release additional features, such as public Postman monitoring, which I'm very interested in. I believe we'll be incorporating that functionality in the future. As for honey tokens, I haven't had a chance to use them yet, but I'm familiar with the concept. I think utilizing honey tokens could also be beneficial, potentially helping us gauge how quickly exposed secrets are exploited. We initiated a trial of GitGuardian Public Monitoring last May, which lasted for several months. While it generated a significant number of alerts initially, which could be overwhelming, we were able to identify valuable findings during the trial period that demonstrated the product's worth.

GitGuardian Public Monitoring improves our overall security visibility by eliminating blind spots. This helps us identify potential security risks that might otherwise go unnoticed for extended periods.

GitGuardian has been very effective in helping us monitor our developers' public activity. I'd like to spend more time exploring its capabilities and using it to its full potential. While I'm confident we're currently up-to-date, there are likely additional features I haven't discovered yet. However, I trust GitGuardian to notify us promptly of any new threats that emerge. Overall, I'm impressed with its ability to catch a wide range of issues.

Initially, users were unresponsive to our emails and questions, and they often became defensive. However, with increased interaction, I believe they're starting to understand that our primary goal is to comprehend and document the exposed information to help improve our meantime to remediation.

GitGuardian has been very effective in detecting and alerting us to security leaks quickly. It's identified issues that we likely wouldn't have caught ourselves, either because we lack the resources or simply weren't actively searching for them. This has been helpful because it allows us to address these leaks promptly.

The Explore function is valuable for finding specific things I'm looking for. I also appreciate that critical or high-priority issues are sent directly to my email. This ensures I'm notified even if I'm not actively checking the website.

I'm excited about the possibility of Public Postman scanning being integrated with GitGuardian in the future. Additionally, I'm interested in exploring the potential use of honeytokens, which seems like a compelling approach to lure and identify attackers.

I have been using GitGuardian Public Monitoring for less than one year.

I've never had any problems with GitGuardian's stability. The only issue I ran into was when our free trial expired. Until we renewed it, I couldn't access the product, which caused some delays with my follow-up tasks. It's important to note that this wasn't a problem with GitGuardian itself, but rather a limitation of the free trial. Overall, I've been very impressed with the stability of their product.

Right now, we're only considering using GitGuardian for public GitHub repositories. While it offers additional features, we don't have a current need for them. It's a powerful tool with capabilities we might explore in the future, but for now, our focus is on its basic functionalities.

The customer support has been very responsive to our requests and inquiries. They are very quick to take action, and I learn more about the product each time I reach out to them. They have been great to work with.

The technical support team is very responsive and thorough. Whenever I have a question, I simply email them. Even if I don't send it to the right person initially, they'll be sure to forward it to the appropriate support agent. When I receive a response, it's often more detailed than I expect. They explain not only how to solve my specific issue, but also provide additional information that helps me better understand and utilize the tool. This feedback allows me to learn a lot and improve my skills.

We have used other solutions to find secrets in the code. However, we did not have a specific tool to look for public exposure of our code.

We're still deploying GitGuardian. It's proving to be more complex than anticipated. I suspect this is due to internal processes rather than GitGuardian itself. When I tested it out, it was quite straightforward to get started. However, the onboarding process seems to involve a lot more bureaucracy.

We have half a dozen people involved in the deployment.

The implementation was completed in-house.

I would rate GitGuardian Public Monitoring nine out of ten.

Once deployed GitGuardian will only require minimal maintenance.

For organizations that don't prioritize secret detection, deploying honeytokens can be a wake-up call. They'll quickly see the importance of implementing secret detection measures.

Secret detection is crucial for a security program aimed at application developers. Exposing secrets in code is akin to giving away your house keys.

I recommend evaluating GitGuardian Public Monitoring through a trial, similar to our experience. This was very helpful in understanding the system, developing workflows, and determining how we could best utilize it. Unfortunately, when I was assigned to work with it, I didn't receive any initial training. My manager simply informed me that we would be using the tool. While I was able to learn it independently, a demo or introduction from GitGuardian beforehand would have been beneficial. This would have allowed me to explore the functionalities before diving in and figuring things out on my own.

I recommend GitGuardian Public Monitoring to others.