GitGuardian Platform prioritizes incidents in our workflow through automated validity checks. There are high-risk, low-risk, and medium-risk incidents raised, and the infosec team prioritizes them and approaches us, the developers who pushed those changes, to fix them accordingly. GitGuardian Platform's public leakage detection influences our company's data security as a precaution. We are not sure if data might be exposed, but taking this precaution by scanning the repositories is crucial. A cyber attacker just needs one piece of data, so we ensure at least that one thing is secured. It is about cyber attack prevention, ensuring all our data remains safe. It rates the effectiveness of severity in incident management based on the severity of the change. This allows us to address the most important ones first. It checks what has been pushed from the code, raising a high-level vulnerability if database-related passwords are involved and reports it urgently. For low-level issues like hardcoded values for APIs, it is reported accordingly based on priority. I use GitGuardian Platform's automated playbooks for scanning. Productivity-wise, these playbooks help me know if I am going to push code with secrets. I am aware now, so I intentionally avoid that, ensuring I write good code. It increases my productivity by helping me fix issues proactively. If GitGuardian Platform were not here and vulnerabilities were discovered later, there could be severe consequences. Currently, that impact has been reduced, minimizing our efforts significantly through early precautions. Our organization is currently innovating on the AI side, which includes creating a custom agent to fix vulnerabilities, similar to GitHub Copilot. This agent automates changes required based on GitGuardian Platform scanning, closing incidents directly. This support reduces our efforts and timelines. Fixing vulnerabilities now takes approximately 60% less time. If fixing took ten days, I now do it in six.
I am not sure about multi-vault integration because I am just a developer using it to fix my code changes. I am not sure if I am using GitGuardian Platform's Honey Tokens feature. I would rate this product an 8.5 overall.
I will rate GitGuardian Public Monitoring a seven out of ten. The reason for this rating is that I wish they could have an agent embedded into their system that helps to identify real credentials from mock credentials, as this sometimes causes false alarms. We are users of the product with no partnerships with GitGuardian Public Monitoring. They can contact me regarding any questions about this review. I am open to anything that benefits the community and makes everything better.
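The triage the reviews above describe (rank pushed findings by severity so a database password is handled before an API key, and avoid raising alarms on mock credentials) can be sketched as a small scanner. This is an added example written for this page, not GitGuardian's code or its detectors: the regex patterns, the severity table and the placeholder heuristics are assumptions, and the sample diff lines are constructed. Real validity checks, which ask the provider whether a credential is live, are not modelled here; the placeholder and entropy test stands in for them.

```python
"""Toy secret triage: detect candidate secrets, drop mock values, rank by severity.

Added example for this page; patterns, severities and placeholder heuristics
are assumptions, not GitGuardian's detectors.
"""
import math
import re
from dataclasses import dataclass

# Assumed detectors: a credential-bearing database URL, an AWS access key id,
# and a generic "api_key = ..." / "token = ..." assignment. Group 1 is the secret.
PATTERNS = {
    "database_url": re.compile(r"(?:postgres|mysql)://[^:\s]+:([^@\s]+)@"),
    "aws_access_key": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "generic_api_key": re.compile(
        r"(?i)\b(?:api[_-]?key|token)\b\s*[=:]\s*['\"]?([A-Za-z0-9_\-]{16,})"
    ),
}

# Assumed severity: anything that opens a data store or a cloud account is
# high, a bare API key is medium (mirrors the reviewer's description).
SEVERITY = {"database_url": "high", "aws_access_key": "high", "generic_api_key": "medium"}
RANK = {"high": 0, "medium": 1, "low": 2}

# Words and template syntax that mark a value as a placeholder rather than a
# live credential. AKIAIOSFODNN7EXAMPLE is the key AWS uses in its own docs.
PLACEHOLDER = re.compile(
    r"(?i)(example|sample|dummy|placeholder|changeme|your[_-]|<[^>]+>|\$\{)"
)


@dataclass
class Finding:
    line_no: int
    kind: str
    severity: str
    value: str


def shannon_entropy(value: str) -> float:
    """Bits per character; random secrets sit well above 3.0."""
    n = len(value)
    return -sum(value.count(c) / n * math.log2(value.count(c) / n) for c in set(value))


def is_mock(value: str) -> bool:
    """Heuristic stand-in for a validity check: a placeholder word or very low
    entropy (repeated characters such as 'xxxx...') means a fake."""
    return bool(PLACEHOLDER.search(value)) or shannon_entropy(value) < 2.5


def scan_lines(lines):
    """Return a Finding for every non-mock secret in the pushed lines."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        for kind, rx in PATTERNS.items():
            for match in rx.finditer(line):
                secret = match.group(1)
                if is_mock(secret):
                    continue
                findings.append(Finding(line_no, kind, SEVERITY[kind], secret))
    return findings


def prioritize(findings):
    """Highest severity first, then push order, so the infosec team works the
    database password before the API key regardless of where it was pushed."""
    return sorted(findings, key=lambda f: (RANK[f.severity], f.line_no))


# Constructed sample of pushed lines (not taken from any real repository).
SAMPLE_DIFF = [
    'api_key = "sk_live_9f8e7d6c5b4a3f2e1d0c"',
    'DATABASE_URL = "postgres://app:changeme@localhost:5432/dev"',
    'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"',
    'DATABASE_URL = "postgres://app:Zk8v2qLm4nR7tYp1@db.internal:5432/prod"',
    'token = "xxxxxxxxxxxxxxxxxxxx"',
    'api_key = "${API_KEY}"',
]


def triage(lines=SAMPLE_DIFF):
    """Scan, filter mocks and return findings in the order to work them."""
    return prioritize(scan_lines(lines))


if __name__ == "__main__":
    for f in triage():
        print(f"line {f.line_no}: [{f.severity}] {f.kind} -> {f.value[:4]}...")
```

Of the six constructed lines only two survive: the production database URL on line 4 comes out first as high, the live-looking API key on line 1 second as medium. The `changeme` password, the documented AWS example key, the run of `x` characters and the `${API_KEY}` template produce no incident, which is the mock-versus-real separation the second reviewer asks for. The entropy threshold and keyword list are deliberately simple; a real validity check against the provider is what turns "looks like a secret" into "is a live secret".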
Application Security Engineer at an energy/utilities company with 10,001+ employees
Real User
Mar 5, 2024
I would rate GitGuardian Public Monitoring nine out of ten. Once deployed, GitGuardian will only require minimal maintenance. For organizations that don't prioritize secret detection, deploying honeytokens can be a wake-up call. They'll quickly see the importance of implementing secret detection measures. Secret detection is crucial for a security program aimed at application developers. Exposing secrets in code is akin to giving away your house keys. I recommend evaluating GitGuardian Public Monitoring through a trial, similar to our experience. This was very helpful in understanding the system, developing workflows, and determining how we could best utilize it. Unfortunately, when I was assigned to work with it, I didn't receive any initial training. My manager simply informed me that we would be using the tool. While I was able to learn it independently, a demo or introduction from GitGuardian beforehand would have been beneficial. This would have allowed me to explore the functionalities before diving in and figuring things out on my own. I recommend GitGuardian Public Monitoring to others.
My advice would be to compare this solution with open-source solutions. If you're not convinced about GitGuardian, benchmark it with other tools. Open-source tools are nice because most of the time they're free, if you don't take the support. But if you compare GitGuardian with other solutions, you will see that the efficiency is really not the same. If a colleague in security said to me that secrets detection is not a priority, I would say that's a mistake. Most of the big security problems come from either social engineering attacks or credential stuffing. So it's really important to know that your engineers and your employees are going to leak secrets. That's life. Most of the time, it's due to mistakes. But if it happens, we need to act on it, and a solution such as GitGuardian is a really nice way to monitor and really efficiently detect these leaks. Secrets detection is important to a security program for application development, especially if your company is growing and you have a lot of engineers. The more engineers there are, the more there is potential for leaks to happen. There is no maintenance of the solution on our side, except for putting the GitHub API token inside GitGuardian so that it has access to our repositories to detect potential secrets.
GitGuardian is a comprehensive platform focused on enhancing Non-Human Identity security by integrating Secrets Security and Secrets Observability to detect and manage secrets across development environments.
As cybersecurity threats increasingly target NHIs like service accounts and applications, GitGuardian offers a robust solution by supporting over 450 types of secrets and deploying honeytokens for additional defense. Trusted by leading organizations and developers, its monitoring and...