I will rate GitGuardian Public Monitoring a seven out of ten. The reason for this rating is that I wish they could have an agent embedded into their system that helps to identify real credentials from mock credentials, as this sometimes causes false alarms. We are users of the product with no partnerships with GitGuardian Public Monitoring. They can contact me regarding any questions about this review. I am open to anything that benefits the community and makes everything better.
Application Security Engineer at a energy/utilities company with 10,001+ employees
Real User
Top 20
2024-03-05T20:29:00Z
Mar 5, 2024
I would rate GitGuardian Public Monitoring nine out of ten. Once deployed GitGuardian will only require minimal maintenance. For organizations that don't prioritize secret detection, deploying honeytokens can be a wake-up call. They'll quickly see the importance of implementing secret detection measures. Secret detection is crucial for a security program aimed at application developers. Exposing secrets in code is akin to giving away your house keys. I recommend evaluating GitGuardian Public Monitoring through a trial, similar to our experience. This was very helpful in understanding the system, developing workflows, and determining how we could best utilize it. Unfortunately, when I was assigned to work with it, I didn't receive any initial training. My manager simply informed me that we would be using the tool. While I was able to learn it independently, a demo or introduction from GitGuardian beforehand would have been beneficial. This would have allowed me to explore the functionalities before diving in and figuring things out on my own. I recommend GitGuardian Public Monitoring to others.
My advice would be to compare this solution with open-source solutions. If you're not convinced about GitGuardian, benchmark it with other tools. Open-source tools are nice because most of the time they're free, if you don't take the support. But if you compare GitGuardian with other solutions, you will see that the efficiency is really not the same. If a colleague in security said to me that secrets detection is not a priority, I would say that's a mistake. Most of the big security problems come from either social engineering attacks or credential stuffing. So it's really important to know that your engineers and your employees are going to leak secrets. That's life. Most of the time, it's due to mistakes. But if it happens, we need to act on it, and a solution such as GitGuardian is a really nice way to monitor and really efficiently detect these leaks. Secrets detection is important to a security program for application development, especially if your company is growing and you have a lot of engineers. The more engineers there are, the more there is potential for leaks to happen. There is no maintenance of the solution on our side, except for putting the GitHub API token inside Gitguardian so that it has access to our repositories to detect potential secrets.
GitGuardian Platform offers powerful secret detection capabilities with features like internal monitoring and dev in the loop. It's designed for high accuracy with AWS key detection and a low false-positive rate, ensuring quick remediation through an easy-to-use interface and fast alert system.Renowned for its comprehensive secret management, GitGuardian Platform effectively detects secrets in real-time, significantly boosting data security and incident management for organizations. Automated...
I will rate GitGuardian Public Monitoring a seven out of ten. The reason for this rating is that I wish they could have an agent embedded into their system that helps to identify real credentials from mock credentials, as this sometimes causes false alarms. We are users of the product with no partnerships with GitGuardian Public Monitoring. They can contact me regarding any questions about this review. I am open to anything that benefits the community and makes everything better.
I would rate GitGuardian Public Monitoring nine out of ten. Once deployed GitGuardian will only require minimal maintenance. For organizations that don't prioritize secret detection, deploying honeytokens can be a wake-up call. They'll quickly see the importance of implementing secret detection measures. Secret detection is crucial for a security program aimed at application developers. Exposing secrets in code is akin to giving away your house keys. I recommend evaluating GitGuardian Public Monitoring through a trial, similar to our experience. This was very helpful in understanding the system, developing workflows, and determining how we could best utilize it. Unfortunately, when I was assigned to work with it, I didn't receive any initial training. My manager simply informed me that we would be using the tool. While I was able to learn it independently, a demo or introduction from GitGuardian beforehand would have been beneficial. This would have allowed me to explore the functionalities before diving in and figuring things out on my own. I recommend GitGuardian Public Monitoring to others.
My advice would be to compare this solution with open-source solutions. If you're not convinced about GitGuardian, benchmark it with other tools. Open-source tools are nice because most of the time they're free, if you don't take the support. But if you compare GitGuardian with other solutions, you will see that the efficiency is really not the same. If a colleague in security said to me that secrets detection is not a priority, I would say that's a mistake. Most of the big security problems come from either social engineering attacks or credential stuffing. So it's really important to know that your engineers and your employees are going to leak secrets. That's life. Most of the time, it's due to mistakes. But if it happens, we need to act on it, and a solution such as GitGuardian is a really nice way to monitor and really efficiently detect these leaks. Secrets detection is important to a security program for application development, especially if your company is growing and you have a lot of engineers. The more engineers there are, the more there is potential for leaks to happen. There is no maintenance of the solution on our side, except for putting the GitHub API token inside Gitguardian so that it has access to our repositories to detect potential secrets.