The main disadvantage I feel they should improve upon is that apart from flagging credential issues or secrets, they could incorporate something else to make it more dynamic. If their product focuses majorly on secrets leaking, similar to Amazon Macie, they could expand their capabilities. Amazon Macie primarily flags secrets being exposed over the internet. For example, we use Dependabot for code review. Dependabot helps us follow best practices such as code quality and code analysis, as we cannot manually check 10,000 lines of code to ensure they follow structural standards. If GitGuardian Public Monitoring could incorporate code analysis into their system, not just for secrets alone, it would make them more dynamic. This would allow users to have just one tool instead of multiple third-party tools running in GitHub. It would reduce management overhead as you wouldn't have to manage multiple tools.
Application Security Engineer at a energy/utilities company with 10,001+ employees
Real User
Top 20
Mar 5, 2024
I'm excited about the possibility of Public Postman scanning being integrated with GitGuardian in the future. Additionally, I'm interested in exploring the potential use of honeytokens, which seems like a compelling approach to lure and identify attackers.
I would like to see improvement in some of the user interface features. Some things are not that easy to use. The most impactful is the occurrences feature. When one secret is leaked in multiple files or multiple repositories, it will appear on the dashboard. But when you click on that secret, all the occurrences will appear on the page. It would be better to have one secret per occurrence, directly, so that we don't have to click to get to the list of all the occurrences.
GitGuardian is a comprehensive platform focused on enhancing Non-Human Identity security by integrating Secrets Security and Secrets Observability to detect and manage secrets across development environments.As cybersecurity threats increasingly target NHIs like service accounts and applications, GitGuardian offers a robust solution by supporting over 450 types of secrets and deploying honeytokens for additional defense. Trusted by leading organizations and developers, its monitoring and...
The main disadvantage I feel they should improve upon is that apart from flagging credential issues or secrets, they could incorporate something else to make it more dynamic. If their product focuses majorly on secrets leaking, similar to Amazon Macie, they could expand their capabilities. Amazon Macie primarily flags secrets being exposed over the internet. For example, we use Dependabot for code review. Dependabot helps us follow best practices such as code quality and code analysis, as we cannot manually check 10,000 lines of code to ensure they follow structural standards. If GitGuardian Public Monitoring could incorporate code analysis into their system, not just for secrets alone, it would make them more dynamic. This would allow users to have just one tool instead of multiple third-party tools running in GitHub. It would reduce management overhead as you wouldn't have to manage multiple tools.
I'm excited about the possibility of Public Postman scanning being integrated with GitGuardian in the future. Additionally, I'm interested in exploring the potential use of honeytokens, which seems like a compelling approach to lure and identify attackers.
I would like to see improvement in some of the user interface features. Some things are not that easy to use. The most impactful is the occurrences feature. When one secret is leaked in multiple files or multiple repositories, it will appear on the dashboard. But when you click on that secret, all the occurrences will appear on the page. It would be better to have one secret per occurrence, directly, so that we don't have to click to get to the list of all the occurrences.