We performed a comparison between Aqua Cloud Security Platform and GitGuardian Platform based on real PeerSpot user reviews.
Find out in this report how the two Software Supply Chain Security solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The CSPM product is great at securing our cloud accounts and I really like the runtime protection for containers and functions too."
"The most valuable feature of Aqua Security is the scanner."
"The solution was very user-friendly."
"Aqua Security helps us to check the vulnerability of image assurance and check for malware."
"The DTA, which stands for Dynamic Threat Analysis, allows me to analyze Docker images in a sandbox environment before deployment, helping me anticipate risks."
"Aqua Security allowed us to gain visibility into the vulnerabilities that were present in the container images, that were being rolled out, the amount of risk that we were introducing to the platform, and provided us a look into the container environment by introducing access control mechanisms. In addition, when it came to runtime-level policies, we could restrict container access to resources in our environment, such as network-level or other application-level access."
"From what I understand, the initial setup is simple."
"The most helpful feature of Aqua Security is Drift Prevention, which is a feature that allows images to be immutable. In addition, one of the main reasons we went with Aqua Security is because it provides strong protection when it comes to runtime security."
"GitGuardian has many features that fit our use cases. We have our internal policies on secret exposure, and our code is hosted on GitLab, so we need to prevent secrets from reaching GitLab because our customers worry that GitLab is exposed. One of the great features is the pre-receive hook. It prevents commits from being pushed to the repository by activating the hook on the remotes, which stops the developers from pushing to the remote. The secrets don't reach GitLab, and it isn't exposed."
"It actually creates an incident ticket for us. We can now go end-to-end after a secret has been identified, to track down who owns the repository and who is responsible for cleaning it up."
"The entire GitGuardian solution is valuable. The product is doing its job and showing us many things. We get many false positives, but the ability to automatically display potential leaks when developers commit is valuable. The dashboards show you recent and historical commits, and we have a full scan that shows historical leaked secrets."
"It enables us to identify leaks that happened in the past and remediate current leaks as they happen in near real-time. When I say "near real-time," I mean within minutes. These are industry-leading remediation timelines for credential leaks. Previously, it might have taken companies years to get credentials detected or remediated. We can do it in minutes."
"Some of our teams have hundreds of repositories, so filtering by team saves a lot of time and effort."
"The most valuable feature is the alerts when secrets are leaked and we can look at particular repositories to see if there are any outstanding problems. In addition, the solution's detection capabilities seem very broad. We have no concerns there."
"The most valuable feature of GitGuardian is that it finds tokens and passwords. That's why we need this tool. It minimizes the possibility of security violations that we cannot find on our own."
"The most valuable feature is the general incident reporting system."
"Aqua Security could improve the forwarding of logging into Splunk and into other tools, it should be easier."
"Since we are working from home, we would like to have the proper training for Aqua."
"Aqua Security could provide more open documentation so that their learning resources can be more easily accessed and searched through online. Right now, a lot of the documentation is closed and not available to the public."
"It's a bit hard to use the user roles. That was a bit confusing."
"In the next release, Aqua Security should add the ability to automatically send reports to customers."
"Sometimes I got stressed with the UI."
"The integrations on CICD could be improved. If Aqua had more plugins or container images to integrate and automate more easily on CICD, it would be better."
"The solution could improve user-friendliness."
"They could give a developer access to a dashboard for their team's repositories that just shows their repository secrets. I think more could be exposed to developers."
"We have been somewhat confused by the dashboard at times."
"The main thing for me is the customization for some of the healthcare-specific identifiers that we want to validate. There should be some ability, which is coming in the near future, to have custom identifiers. Being in healthcare, we have pretty specific patterns that we need to match for PHI or PII. Having that would add a little bit extra to it."
"GitGuardian could have more detailed information on what software engineers can do. It only provides some highly generic feedback when a secret is detected. They should have outside documentation. We send this to our software engineers, who are still doing the commits. It's the wrong way to work, but they are accustomed to doing it this way. When they go into that ticket, they see a few instructions that might be confusing. If I see a leaked secret committed two years ago, it's not enough to undo that commit. I need to go in there, change all my code to utilize GitHub secrets, and go on AWS to validate my key."
"We'd like to request a new GitGuardian feature that automates user onboarding and access control for code repositories."
"It took us a while to get new patterns introduced into the pattern reporting process."
"There is room for improvement in GitGuardian on Azure DevOps. The implementation is a bit hard there. This is one of the things we requested help with. I would not say their support is not good, but they need them to improve in helping customers on that side."
"For some repositories, there are a lot of incidents. For example, one repository says 255 occurrences, so I assume these are 255 alerts and nobody is doing anything about them. These could be false positives. However, I cannot assess it correctly, because I haven't been closing these false positives myself. From the dashboard, I can see that for some of the repositories, there have been a lot of closing of these occurrences, so I would assume there are a lot of false positives. A ballpark estimate would be 60% being false positives. One of the arguments from the developers against this tool is the number of false positives."
Aqua Cloud Security Platform is ranked 6th in Software Supply Chain Security with 16 reviews while GitGuardian Platform is ranked 1st in Software Supply Chain Security with 22 reviews. Aqua Cloud Security Platform is rated 8.0, while GitGuardian Platform is rated 9.0. The top reviewer of Aqua Cloud Security Platform writes "Reliable with good container scanning and a straightforward setup". On the other hand, the top reviewer of GitGuardian Platform writes "It dramatically improved our ability to detect secrets, saved us time, and reduced our mean time to remediation". Aqua Cloud Security Platform is most compared with Prisma Cloud by Palo Alto Networks, Wiz, Snyk, Red Hat Advanced Cluster Security for Kubernetes and SUSE NeuVector, whereas GitGuardian Platform is most compared with SonarQube, Cycode, GitHub Advanced Security, Snyk and Microsoft Purview Data Loss Prevention. See our Aqua Cloud Security Platform vs. GitGuardian Platform report.
See our list of best Software Supply Chain Security vendors and best DevSecOps vendors.
We monitor all Software Supply Chain Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
