• Home
  • GitGuardian Platform vs. Invicti

GitGuardian Platform vs Invicti comparison

Cancel
You must select at least 2 products to compare!
GitGuardian Logo
GitGuardian Platform
Read 23 GitGuardian Platform reviews
2,404 views|386 comparisons
100% willing to recommend
Invicti Logo
Invicti
Read 25 Invicti reviews
3,398 views|1,746 comparisons
96% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
GitGuardian Platform vs. Invicti
May 2024
Executive Summary

We performed a comparison between GitGuardian Platform and Invicti based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed GitGuardian Platform vs. Invicti Report (Updated: May 2024).
Download the complete report
771,157 professionals have used our research since 2012.
Featured Review
Tyler Oelking
Helps increase productivity and identify and prioritize security incidents
GitGuardian's detection capabilities are good. The accuracy of detections and the false positive rate are good. It has improved the abilities of... Read more →
Amr Abdelnaser
A safe solution used to detective vulnerabilities for dynamic and complex testing
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"We have definitely seen a return on investment when it finds things that are real. We have caught a couple things before they made it to production, and had they made it to production, that would have been dangerous.""You can also assign tasks to specific teams or people to complete, such as assigning something to the "blue team" or saying that this person needs to do this, and that person needs to do that. That is a great feature because you can actually manage your team internally in GitGuardian.""When they give you a description of what happened, it's really easy to follow and to retest. And the ability to retest is something that you don't have in other solutions. If a secret was detected, you can retest if it is still there. It will show you if it is in the history.""It enables us to identify leaks that happened in the past and remediate current leaks as they happen in near real-time. When I say "near real-time," I mean within minutes. These are industry-leading remediation timelines for credential leaks. Previously, it might have taken companies years to get credentials detected or remediated. We can do it in minutes.""GitGuardian has also helped us develop a security-minded culture. We're serious about shift left and getting better about code security. I think a lot of people are getting more mindful about what a secret is.""I like that GitGuardian automatically notifies the developer who committed the change. The security team doesn't need to act as the intermediary and tell the developer there is an alert. The alert goes directly to the developer.""The most valuable feature is the alerts when secrets are leaked and we can look at particular repositories to see if there are any outstanding problems. In addition, the solution's detection capabilities seem very broad. We have no concerns there.""There is quite a lot to like. Its user interface is fantastic, and being able to sort the incidents by whether they are valid or for a certain repository or a certain user has been very beneficial in helping investigate what has been found."

More GitGuardian Platform Pros →

"High level of accuracy and quick scanning.""I am impressed by the whole technology that they are using in this solution. It is really fast. When using netscan, the confirmation that it gives on the vulnerabilities is pretty cool. It is really easy to configure a scan in Netsparker Web Application Security Scanner. It is also really easy to deploy.""When we try to manually exploit the vulnerabilities, it often takes time to realize what's going on and what needs to be done.""Scan, proxify the application, and then detailed report along with evidence and remediations to problems.""The scanner is light on the network and does not impact the network when scans are running.""I am impressed with Invictus’ proof-based scanning. The solution has reduced the incidence of false positive vulnerabilities. It has helped us reduce our time and focus on vulnerabilities.""It has a comprehensive resulting mechanism. It is a one-stop solution for all your security testing mechanisms.""The most attractive feature was the reporting review tool. The reporting review was very impressive and produced very fruitful reports."

More Invicti Pros →

Cons
"I would like to see more fine-grained access controls when tickets are assigned for incidents. I would like the ability to provide more controls to the team leads or the product managers so that they can drive what we, the AppSec team, are doing.""GitGuardian's hook and dashboard scanners are the two entities. They should work together as one. We've seen several discrepancies where the hook is not being flagged on the dashboard. I still think they need to do some fine-tuning around that. We don't want to waste time.""The purchasing process is convoluted compared to Snyk, the other tool we use. It's like night and day because you only need to punch in your credit card, and you're set. With GitGuardian, getting a quote took two or three weeks. We paid for it in December but have not settled that payment yet.""It would be nice if they supported detecting PII or had some kind of data loss prevention feature.""GitGuardian could have more detailed information on what software engineers can do. It only provides some highly generic feedback when a secret is detected. They should have outside documentation. We send this to our software engineers, who are still doing the commits. It's the wrong way to work, but they are accustomed to doing it this way. When they go into that ticket, they see a few instructions that might be confusing. If I see a leaked secret committed two years ago, it's not enough to undo that commit. I need to go in there, change all my code to utilize GitHub secrets, and go on AWS to validate my key.""Right now, we are waiting for improvement in the RBAC support for GitGuardian.""Automated Jira tickets would be fantastic. At the moment, I believe we have to go in and click to create a Jira ticket. It would be nice to automate.""There are some features that are lacking in GitGuardian. The more we grow and the more engineers we have, the more it will become difficult to assign an incident because the assignment is not automatic. I know they are working on that and we are waiting for it."

More GitGuardian Platform Cons →

"They don't really provide the proof of concept up to the level that we need in our organization. We are a consultancy firm, and we provide consultancy for the implementation and deployment solutions to our customers. When you run the scans and the scan is completed, it only shows the proof of exploit, which really doesn't work because the tool is running the scan and exploiting on the read-only form. You don't really know whether it is actually giving the proof of exploit. We cannot prove it manually to a customer that the exploit is genuine. It is really hard to perform it manually and prove it to the concerned development, remediation, and security teams. It is currently missing the static application security part of the application security, especially web application security. It would be really cool if they can integrate a SAS tool with their dynamic one.""The solution needs to make a more specific report.""The licensing model should be improved to be more cost-effective. There are URL restrictions that consume our license. Compared to other DAST solutions and task tools like WebInspect and Burp Enterprise, Invicti is very expensive. The solution’s scanning time is also very long compared to other DAST tools. It might be due to proof-based scanning.""It would be better for listing and attacking Java-based web applications to exploit vulnerabilities.""The scannings are not sufficiently updated.""The license could be better. It would help if they could allow us to scan multiple URLs on the same license. It's a major hindrance that we are facing while scanning applications, and we have to be sure that the URLs are the same and not different so that we do not end up consuming another license for it. Netsparker is one of the costliest products in the market. The licensing is tied to the URL, and it's restricted. If you have a URL that you scanned once, like a website, you cannot retry that same license. If you are scanning the same website but in a different domain or different URL, you might end up paying for a second license. It would also be better if they provided proper support for multi-factor authentications. In the next release, I would like them to include good multi-factor authentication support.""I think that it freezes without any specific reason at times. This needs to be looked into.""The custom attack preparation screen might be improved."

More Invicti Cons →

Pricing and Cost Advice
  • "We don't have a huge number of users, but its yearly rate was quite reasonable when compared to other per-seat solutions that we looked at... Having a free plan for a small number of users was really great. If you're a small team, I don't see why you wouldn't want to get started with it."
  • "It's a little bit expensive."
  • "You get what you pay for. It's one of the more expensive solutions, but it is very good, and the low false positive rate is a really appealing factor."
  • "The pricing and licensing are fair. It isn't very expensive and it's good value."
  • "The internal side is cheap per user. It is annual pricing based on the number of users."
  • "We have seen a return on investment. The amount of time that we would have spent manually doing this definitely outpaces the cost of GitGuardian. It is saving us about $35,000 a year, so I would say the ROI is about $20,000 a year."
  • "It could be cheaper. When GitHub secrets monitoring solution goes to general access and general availability, GitGuardian might be in a little bit of trouble from the competition, and maybe then they might lower their prices. The GitGuardian solution is great. I'm just concerned that they're not GitHub."
  • "It's not cheap, but it's not crazy expensive either."

    • More GitGuardian Platform Pricing and Cost Advice →

  • "It is competitive in the security market."
  • "OWASP Zap is free and it has live updates, so that's a big plus."
  • "We never had any issues with the licensing; the price was within our assigned limits."
  • "I think that price it too high, like other Security applications such as Acunetix, WebInspect, and so on."
  • "The price should be 20% lower"
  • "Netsparker is one of the costliest products in the market. It would help if they could allow us to scan multiple URLs on the same license."
  • "We are using an NFR license and I do not know the exact price of the NFR license. I think 20 FQDN for three years would cost around 35,000 US Dollars."
  • "Invicti is best suited for large enterprises. I don't think small and medium-sized businesses can afford it. Maintenance costs aren't that great."

    • More Invicti Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    See Recommendations
    771,157 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about GitGuardian Internal Monitoring ?
    Top Answer:It's also worth mentioning that GitGuardian is unique because they have a free tier that we've been using for the first twelve months. It provides full functionality for smaller teams. We're a smaller… more »
    Read all 15 answers   →
    What is your experience regarding pricing and costs for GitGuardian Inter...
    Top Answer:The purchasing process is convoluted compared to Snyk, the other tool we use. It's like night and day because you only need to punch in your credit card, and you're set. With GitGuardian, getting a… more »
    Read all 13 answers   →
    What needs improvement with GitGuardian Internal Monitoring ?
    Top Answer:GitGuardian had a really nice feature that allowed you to compare all the public GitHub repositories against your code base and see if your code leaked. They discontinued it for some reason about… more »
    Read all 15 answers   →
    What is your experience regarding pricing and costs for Netsparker Web Ap...
    Top Answer:The solution is very expensive. It comes with a yearly subscription. We were paying 6000 dollars yearly for unlimited scans. We have three licenses; basic, business, and ultimate. We need ultimate… more »
    Read all 5 answers   →
    What do you like most about Invicti?
    Top Answer:The most valuable feature of Invicti is getting baseline scanning and incremental scan.
    Read all 7 answers   →
    What needs improvement with Invicti?
    Top Answer:The solution's false positive analysis and vulnerability analysis libraries could be improved.
    Read all 7 answers   →
    Ranking
    8th
    out of 74 in Application Security Tools
    Views
    2,404
    Comparisons
    386
    Reviews
    14
    Average Words per Review
    1,332
    Rating
    9.0
    20th
    out of 74 in Application Security Tools
    Views
    3,398
    Comparisons
    1,746
    Reviews
    5
    Average Words per Review
    340
    Rating
    8.6
    Comparisons
    Also Known As
    GitGuardian Internal Monitoring
    Mavituna Netsparker
    Learn More
    GitGuardian
    Invicti
    Overview

    GitGuardian helps organizations detect and fix vulnerabilities in source code at every step of the software development lifecycle. With GitGuardian’s policy engine, security teams can monitor and enforce rules across their VCS, DevOps tools, and infrastructure-as-code configurations.

    Widely adopted by developer communities, GitGuardian is used by more than 500,000 developers and is the #1 app in the security category on the GitHub Marketplace. GitGuardian is also trusted by leading companies, including Instacart, Genesys, Orange, Iress, Beyond Identity, NOW: Pensions, and Stedi.

    GitGuardian Platform includes automated secrets detection and remediation. By reducing the risks of secrets exposure across the SDLC, GitGuardian helps software-driven organizations strengthen their security posture and comply with frameworks and standards.

    Its detection engine is trained against more than a billion public GitHub commits every year, and it covers 350+ types of secrets such as API keys, database connection strings, private keys, certificates, and more.

    GitGuardian brings security and development teams together with automated remediation playbooks and collaboration features to resolve incidents fast and in full. By pulling developers closer to the remediation process, organizations can achieve higher incident closing rates and shorter fix times.

    The platform integrates across the DevOps toolchain, including native support for continuously scanning VCS platforms like GitHub, Gitlab, Azure DevOps and Bitbucket or CI/CD tools like Jenkins, CircleCI, Travis CI, GitLab pipelines, and many more. It also integrates with ticketing and messaging systems like Splunk, PagerDuty, Jira and Slack to support teams with their incident remediation workflows. GitGuardian is offered as a SaaS platform but can also be hosted on-premise for organizations operating in highly regulated industries or with strict data privacy requirements.

    Invicti helps DevSecOps teams automate security tasks and save hundreds of hours each month by identifying web vulnerabilities that matter. Combining dynamic with interactive testing (DAST + IAST) and software composition analysis (SCA), Invicti scans every corner of an app to find what other tools miss with 99.98% accuracy, delivering on the promise of Zero Noise AppSec. Invicti helps discover all web assets — even ones that are lost, forgotten, or created by rogue departments. With an array of out-of-the-box integrations, DevSecOps teams can get ahead of their workloads to hit critical deadlines, improve processes, and communicate more effectively while reducing risk and hitting the ROI goals.

    Sample Customers
    Automox, 66degrees (ex Cloudbakers), Iress, Now:Pensions, Payfit, Orange, BouyguesTelecom, Seequent, Stedi, Talend, Snowflake... 
    Samsung, The Walt Disney Company, T-Systems, ING Bank
    Top Industries
    REVIEWERS
    Computer Software Company28%
    Insurance Company11%
    Wholesaler/Distributor11%
    Comms Service Provider11%
    VISITORS READING REVIEWS
    Comms Service Provider21%
    Computer Software Company15%
    Financial Services Firm9%
    Media Company8%
    REVIEWERS
    Computer Software Company40%
    Financial Services Firm20%
    Aerospace/Defense Firm10%
    Real Estate/Law Firm10%
    VISITORS READING REVIEWS
    Educational Organization51%
    Financial Services Firm8%
    Computer Software Company7%
    Manufacturing Company5%
    Company Size
    REVIEWERS
    Small Business36%
    Midsize Enterprise28%
    Large Enterprise36%
    VISITORS READING REVIEWS
    Small Business25%
    Midsize Enterprise12%
    Large Enterprise62%
    REVIEWERS
    Small Business52%
    Midsize Enterprise12%
    Large Enterprise36%
    VISITORS READING REVIEWS
    Small Business8%
    Midsize Enterprise58%
    Large Enterprise34%
    Buyer's Guide
    GitGuardian Platform vs. Invicti
    May 2024
    Free Report: GitGuardian Platform vs. Invicti
    Find out what your peers are saying about GitGuardian Platform vs. Invicti and other solutions. Updated: May 2024.
    DOWNLOAD NOW
    771,157 professionals have used our research since 2012.

    GitGuardian Platform is ranked 8th in Application Security Tools with 23 reviews while Invicti is ranked 20th in Application Security Tools with 25 reviews. GitGuardian Platform is rated 9.0, while Invicti is rated 8.2. The top reviewer of GitGuardian Platform writes "It dramatically improved our ability to detect secrets, saved us time, and reduced our mean time to remediation". On the other hand, the top reviewer of Invicti writes "A customizable security testing solution with good tech support, but the price could be better". GitGuardian Platform is most compared with SonarQube, Cycode, GitHub Advanced Security, Snyk and Microsoft Purview Data Loss Prevention, whereas Invicti is most compared with OWASP Zap, Acunetix, PortSwigger Burp Suite Professional, Qualys Web Application Scanning and Veracode. See our GitGuardian Platform vs. Invicti report.

    See our list of best Application Security Tools vendors and best Static Application Security Testing (SAST) vendors.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.