Great tool to have your back
What do you like best about the product?
Extremely useful solution to have when you are developing your solutions
What do you dislike about the product?
The downside is that you know you messed up in your code and security.
What problems is the product solving and how is that benefiting you?
Inadvertently publishing product keys.
Facilitates efficient secret management and improves development processes
What is our primary use case?
My use case for the GitGuardian Platform is application security.
What is most valuable?
My impression of the GitGuardian Platform's capability to detect secrets in real time is actually really amazing, because it lets us protect or block the pipelines in which we deploy new applications so we can acknowledge when a secret is hardcoded in a repository, or when we have already hardcoded secrets within templates in our repos.
We adopted it a year ago, and it has been doing great in our teams, especially for developers. The impression so far has been good.
The severity scoring has helped us in incident management because it is doing the correct job. We got many secrets leaked within our platform and it was making the correct warnings regarding that particular secret, as we had a hardcoded Google Cloud API key. It was marked as a critical severity, so we had the chance to correct it, regenerate that secret and work again on not hardcoding secrets within our code.
GitGuardian's public leak detection significantly enhances our organization's data security by continuously monitoring public repositories. It allows us to proactively identify accidental exposures of sensitive credentials or secrets.
What needs improvement?
Regarding the exceptions in GitGuardian Platform, we know that within the platform we have a way to accept a path or a directory from a repository, but it is not that visible at the very beginning. You have to figure out where to search for it, and once you have it, it is really good, but it is not that visible at the beginning. This should be made more exposed.
The documentation could be better because it was not that comprehensively documented. When we started working with GitGuardian Platform, it was difficult to find some specific use cases, and we were not aware of that. It might have improved now, but at that time, it was not something we would recommend.
For how long have I used the solution?
I have been using the GitGuardian Platform for almost a year now.
What was my experience with deployment of the solution?
The deployment of the GitGuardian Platform was easy.
What do I think about the stability of the solution?
From 1 to 10, I rate the stability of the GitGuardian Platform a 10, as there are no downtimes.
What do I think about the scalability of the solution?
I would rate the scalability as a 10, since we did not have any problems.
How are customer service and support?
For technical support, I would give a solid 10. They have someone who speaks Spanish, which made it easier for us.
Which solution did I use previously and why did I switch?
I am comparing it with Advanced Security from GitHub and Cycode.
How was the initial setup?
Two of us were involved in the deployment process.
It took a week to deploy the GitGuardian Platform, just to standardize the process.
What about the implementation team?
Two of us were involved in the deployment process.
What was our ROI?
Regarding return on investment, we have actually saved time and resources because before having GitGuardian Platform, we had two or three people working in every repository looking for secrets with open-source tools. It took a long time to find secrets or many patterns, and at the time, we had to configure our own patterns to find them. I cannot specify the exact return on investment, but I can surely say that we have saved significant time and resources, particularly in terms of people and automation.
Which other solutions did I evaluate?
I would compare the GitGuardian Platform to other solutions or vendors on the market as being easier to use, but it is not integrated with the CSM that we are using right now. That is the difference. It is easy to use, but it could be easier.
What other advice do I have?
We are customers in our company's relationship with the vendor.
I work primarily with the CLI, focusing on pipelines and automations rather than the platform itself. The platform has remained almost the same within the year that we have been working with it.
We are not utilizing the automated playbooks yet.
I cannot determine if the pricing is cost-effective.
The vendor can contact me if they have any questions or comments about my review.
I have rated the GitGuardian Platform a 10 out of 10.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
GitGuardian helps me avoid revealing sensitive data to the public
What do you like best about the product?
I like that it gives me automated warnings about exposing potentially sensitive data.
What do you dislike about the product?
I just use it for the automated warnings. I don't see a downside yet.
What problems is the product solving and how is that benefiting you?
It stops me exposing sensitive data. Sometimes I will add passwords during debugging and forget to remove them. GitGuardian fixes this.
I'm amazed by how quickly GitGuardian identifies vulnerabilities
What do you like best about the product?
Secret expose & quick resolution + Great User Experience
What do you dislike about the product?
They have all the access to our Private Secrets and information. We can't just trust any company with our Database that was leaked.
What problems is the product solving and how is that benefiting you?
Quick resolution & secret Identification.
It immediately detects security risks and gives good tips on how to fix them
What do you like best about the product?
It is quick in detecting risks and it easily gives tips on fixing those risks
What do you dislike about the product?
Nothing much, the UI could be more intuitive.
What problems is the product solving and how is that benefiting you?
For my personal use, it helps me secure my applications.
Keep doing Great Job
What do you like best about the product?
I really like how the notified incidents with keys are handled, and the detail for resolving them, plus the files involved in the leak.
What do you dislike about the product?
Instead of getting it by email, I'd like to set up a pipeline so that the email only comes through when something goes wrong.
What problems is the product solving and how is that benefiting you?
The way it notifies you is awesome because it makes sure your keys don't get exposed. But it would be even better to prevent it even more by doing a local test before each commit and showing the results locally before pushing to GitHub. Because once it's on Git, even if you stop tracking it later, if the repo ever goes public, the history is still visible.
It Actually Saved My ***!
What do you like best about the product?
Oh man, since I discovered GG like 3 years ago, it has become a MUST-HAVE on all of my repos. I always double-check everything, but still, I'm a human and I can make mistakes… So it is always good to have a (yeah, let's call it “Guardian” Lol) Guardian keeping the gates to my endpoints, buckets, etc., safe.
What do you dislike about the product?
Something it's missing is a Mobile App.
What problems is the product solving and how is that benefiting you?
On every project I have sold, I need to demonstrate to my clients that their information and the information of the end-users are properly handled, that includes all the keys/secrets to instances, databases and more. And in order to do so, one of the tools I use the most, is showing GitGuardian to ensure that we're handling the secrets properly.
Saved from hacking
What do you like best about the product?
It automatically tells you whenever there is some info leakage in your GitHub repositories.
What do you dislike about the product?
There could be better functionality regarding automatic capturing of errors or problems. Sometimes the leakage can be a false positive.
What problems is the product solving and how is that benefiting you?
The problems regard security and information leakage.
Catch your secrets instantly
What do you like best about the product?
The steps to integrate GitGuardian with your version control, like GitHub, are really easy, and we can also integrate it locally so that at the time of code commit, if you have any secrets like API keys, IAM keys or PII etc., they get detected by GitGuardian and it doesn't allow you to commit the code until you remove them. This is a very helpful feature of GitGuardian in the day-to-day life of any developer or DevOps person.
What do you dislike about the product?
There are no cons as such to tell here, it went well so far.
What problems is the product solving and how is that benefiting you?
We wanted something which will block every developer or any other person in our organisation from committing any secrets or PII information which is very sensitive for us. And this was solved by GitGuardian and we can now commit and push out code to repositories without any fear of exposing sensitive information.
Beginner friendly
What do you like best about the product?
As a novice, I stumbled upon GitGuardian and utilized it to protect sensitive data, particularly API keys and credentials, from accidental exposure. The tool continuously scans all repositories, including those that are private, in real time, which has been a source of confidence for me. The application is very user-friendly, and alarm bells are raised instantly when any threat is detected. I also appreciate that it does not interrupt my workflow, but rather enhances it by managing to integrate itself within my Git operations so that I devote more time towards coding rather than worrying about managing secrets. Customer support immediately responds with a valid mail about the user having lost their confidential information online. This creates ease of implementation for a new member of the GitHub community in understanding what to and what not to disclose online. GitGuardian automatically gets active when potentially confidential information is leaked, making it the best among all other security methods. And no matter how many times somebody repeats a mistake, GitGuardian always has their back, which, although it makes the frequency of use higher, in the longer run teaches the end user something new each time.
What do you dislike about the product?
GitGuardian has many great functionalities for its users, but one drawback that I found is that some alerts tend to be oversensitive, making them pick up harmless things that do not require any action. This may be overwhelming, especially for newbie users who are not yet clear on what a real threat entails. Furthermore, the usability of the software could be enhanced by making alert navigation as well as management easier. Nonetheless, these aspects are only a small fraction compared to the overall functionality commercialized; overall this creates an easy environment for learners to protect their data whatsoever reevaluating confidential stuff.
What problems is the product solving and how is that benefiting you?
Anything related to keeping possibly confidential things private, if accidentally leaked on GitHub, is taken care of by GitGuardian. This in itself is a huge feature.