The main disadvantage I feel they should improve upon is that apart from flagging credential issues or secrets, they could incorporate something else to make it more dynamic. If their product focuses majorly on secrets leaking, similar to Amazon Macie, they could expand their capabilities. Amazon Macie primarily flags secrets being exposed over the internet. For example, we use Dependabot for code review. Dependabot helps us follow best practices such as code quality and code analysis, as we cannot manually check 10,000 lines of code to ensure they follow structural standards. If GitGuardian Public Monitoring could incorporate code analysis into their system, not just for secrets alone, it would make them more dynamic. This would allow users to have just one tool instead of multiple third-party tools running in GitHub. It would reduce management overhead as you wouldn't have to manage multiple tools.
Application Security Engineer at an energy/utilities company with 10,001+ employees
Real User
Top 20
Mar 5, 2024
I'm excited about the possibility of Public Postman scanning being integrated with GitGuardian in the future. Additionally, I'm interested in exploring the potential use of honeytokens, which seems like a compelling approach to lure and identify attackers.
I would like to see improvement in some of the user interface features. Some things are not that easy to use. The most impactful is the occurrences feature. When one secret is leaked in multiple files or multiple repositories, it will appear on the dashboard. But when you click on that secret, all the occurrences will appear on the page. It would be better to have one secret per occurrence, directly, so that we don't have to click to get to the list of all the occurrences.
GitGuardian Platform offers powerful secret detection capabilities with features like internal monitoring and dev in the loop. It's designed for high accuracy with AWS key detection and a low false-positive rate, ensuring quick remediation through an easy-to-use interface and fast alert system. Renowned for its comprehensive secret management, GitGuardian Platform effectively detects secrets in real-time, significantly boosting data security and incident management for organizations. Automated...