We performed a comparison between GitGuardian Internal Monitoring and Microsoft Purview Data Loss Prevention based on real PeerSpot user reviews.Find out in this report how the two Data Loss Prevention (DLP) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"Presently, we find the pre-commit hooks more useful."
"The entire GitGuardian solution is valuable. The product is doing its job and showing us many things. We get many false positives, but the ability to automatically display potential leaks when developers commit is valuable. The dashboards show you recent and historical commits, and we have a full scan that shows historical leaked secrets."
"GitGuardian Internal Monitoring has helped increase our secrets detection rate by several orders of magnitude. This is a hard metric to get. For example, if we knew what our secrets were and where they were, we wouldn't need GitGuardian or these types of solutions. There could be a million more secrets that GitGuardian doesn't detect, but it is basically impossible to find them by searching for them."
"GitGuardian has helped to increase our security team's productivity. Now, we don't need to call the developers all the time and ask what they are working on. I feel the solution bridged the gap between our team and the developers, which is really great. I feel that we need that in our company, since some of the departments are just doing whatever and you don't know what they are doing. I think GitGuardian does a good job of bridging the gap. It saves us about 10 hours per week."
"When they give you a description of what happened, it's really easy to follow and to retest. And the ability to retest is something that you don't have in other solutions. If a secret was detected, you can retest if it is still there. It will show you if it is in the history."
"The most valuable feature of GitGuardian is that it finds tokens and passwords. That's why we need this tool. It minimizes the possibility of security violations that we cannot find on our own."
"The breadth of the solution detection capabilities is pretty good. They have good categories and a lot of different types of secrets... it gives us a great range when it comes to types of secrets, and that's good for us."
"It actually creates an incident ticket for us. We can now go end-to-end after a secret has been identified, to track down who owns the repository and who is responsible for cleaning it up."
"One of the valuable features of Purview is the ability to create a legal hold on a user's account within the compliance portal. That's pretty useful when it comes to any litigation or if you want to redeem the content within a mailbox, OneDrive, or a generic public SharePoint site."
"There's a good amount of documentation in case you run into any problems."
"I rate Microsoft Purview Data Loss Prevention's stability a ten out of ten."
"The product is easy to configure."
"Because everything is on Microsoft and we use Azure, integration with the product is easier. That's the most important thing when you use many Microsoft products. It's easier to integrate everything in one place."
"It has helped our clients to reduce the time to action on insider threats because it can be integrated."
"We can use Microsoft Purview Data Loss Prevention to manage devices and site policies."
"I would like to see more fine-grained access controls when tickets are assigned for incidents. I would like the ability to provide more controls to the team leads or the product managers so that they can drive what we, the AppSec team, are doing."
"It would be nice if they supported detecting PII or had some kind of data loss prevention feature."
"For some repositories, there are a lot of incidents. For example, one repository says 255 occurrences, so I assume these are 255 alerts and nobody is doing anything about them. These could be false positives. However, I cannot assess it correctly, because I haven't been closing these false positives myself. From the dashboard, I can see that for some of the repositories, there have been a lot of closing of these occurrences, so I would assume there are a lot of false positives. A ballpark estimate would be 60% being false positives. One of the arguments from the developers against this tool is the number of false positives."
"Right now, we are waiting for improvement in the RBAC support for GitGuardian."
"There is room for improvement in its integration for bug-tracking. It should be more direct. They have invested a lot in user management, but they need to invest in integrations. That is a real lack."
"It could be easier. They have a CLI tool that engineers can run on their laptops, but getting engineers to install the tool is a manual process. I would like to see them have it integrated into one of those developer tools, e.g., VS Code or JetBrains, so developers don't have to think about it."
"There is room for improvement in GitGuardian on Azure DevOps. The implementation is a bit hard there. This is one of the things we requested help with. I would not say their support is not good, but they need them to improve in helping customers on that side."
"One improvement that I'd like to see is a cleaner for Splunk logs. It would be nice to have a middle man for anything we send or receive from Splunk forwarders. I'd love to see it get cleaned by GitGuardian or caught to make sure we don't have any secrets getting committed to Splunk logs."
"The platform can be challenging to navigate and has the potential for improvement."
"There is no AIP for Linux systems. That's a setback. Another thing it's lacking is libraries to work with Python. It has libraries for C# and C++, for example, but not for Python and, these days, Python is very useful."
"The solution should provide better integration with other systems."
"A site can have different containers where you store data. We have always wanted to apply compliance, labels, and policies at the container level, rather than to an outer shell or at the site level. That is something we have been looking forward to and I believe Microsoft is already planning something like that."
"They do not provide language options beyond the ones already available, so our language option is missing."
"Technical support is awful."
"I would like Microsoft Purview Data Loss Prevention to be on the source code or SQL databases. It is difficult to do classification and labeling when you have a third-party source code or a third-party Oracle database. It is seamless when it comes to Microsoft documents but is not so with third-party source codes. Microsoft needs to work on it a little bit more."
GitGuardian helps organizations detect and fix vulnerabilities in source code at every step of the software development lifecycle. With GitGuardian’s policy engine, security teams can monitor and enforce rules across their VCS, DevOps tools, and infrastructure-as-code configurations.
Widely adopted by developer communities, GitGuardian is used by more than 200 thousand developers and is the #1 app in the security category on the GitHub Marketplace. GitGuardian is also trusted by leading companies, including Instacart, Genesys, Orange, Iress, Beyond Identity, NOW: Pensions, and Stedi.
GitGuardian Platform includes automated secrets detection and remediation. By reducing the risks of secrets exposure across the SDLC, GitGuardian helps software-driven organizations strengthen their security posture and comply with frameworks and standards.
Its detection engine is trained against more than a billion public GitHub commits every year, and it covers 350+ types of secrets such as API keys, database connection strings, private keys, certificates, and more.
GitGuardian brings security and development teams together with automated remediation playbooks and collaboration features to resolve incidents fast and in full. By pulling developers closer to the remediation process, organizations can achieve higher incident closing rates and shorter fix times.
The platform integrates across the DevOps toolchain, including native support for continuously scanning VCS platforms like GitHub, Gitlab, Azure DevOps and Bitbucket or CI/CD tools like Jenkins, CircleCI, Travis CI, GitLab pipelines, and many more. It also integrates with ticketing and messaging systems like Splunk, PagerDuty, Jira and Slack to support teams with their incident remediation workflows. GitGuardian is offered as a SaaS platform but can also be hosted on-premise for organizations operating in highly regulated industries or with strict data privacy requirements.
At Microsoft, our mission is to empower every person and every organization on the planet to achieve more. Our mission is grounded in both the world in which we live and the future we strive to create. Today, we live in a mobile-first, cloud-first world, and the transformation we are driving across our businesses is designed to enable Microsoft and our customers to thrive in this world.
GitGuardian Internal Monitoring is ranked 5th in Data Loss Prevention (DLP) with 16 reviews while Microsoft Purview Data Loss Prevention is ranked 4th in Data Loss Prevention (DLP) with 7 reviews. GitGuardian Internal Monitoring is rated 9.0, while Microsoft Purview Data Loss Prevention is rated 8.0. The top reviewer of GitGuardian Internal Monitoring writes "Even before a commit gets to GitHub, the CLI identifies secrets within the code and prevents the commit". On the other hand, the top reviewer of Microsoft Purview Data Loss Prevention writes "Integrates well, connects with iOS and Android devices, and takes into account critical regulations from around the world". GitGuardian Internal Monitoring is most compared with SonarQube, Cycode, Snyk, Veracode and Checkmarx, whereas Microsoft Purview Data Loss Prevention is most compared with Symantec Data Loss Prevention, Forcepoint Data Loss Prevention, Microsoft Intune, Amazon Macie and Zscaler Cloud DLP. See our GitGuardian Internal Monitoring vs. Microsoft Purview Data Loss Prevention report.
See our list of best Data Loss Prevention (DLP) vendors.
We monitor all Data Loss Prevention (DLP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.