
GitGuardian Internal Monitoring vs GitLab Secret Detection

Understand how GitGuardian Internal Monitoring compares with GitLab Secret Detection, so you can find the best fit for you.


Hey there! If you’re deep in the research process of choosing a new git secrets scanning solution then you’re probably looking to compare GitGuardian with other options to determine whether it might be right for you. To help make this as easy as possible, we’ve put together a detailed overview of how GitGuardian Internal Monitoring stacks up to GitLab’s secret scanning.

Before we dive into the comparison of the main features, we first need to acknowledge the difference in business models between GitLab Secret Detection and GitGuardian Internal Monitoring.

The difference in business models

Most of GitLab's Application Security features, including secret scanning, are covered in the GitLab Ultimate license. The bundle includes:

Purchasing a GitLab Ultimate license for Application Security features might be a worthwhile decision if you are looking to deal with a single vendor for multiple security capabilities. There is one caveat, however: you forgo the in-depth coverage of best-of-breed solutions. For example, Snyk for open-source dependency scanning and GitGuardian for secret scanning will perform better in their respective areas. Ultimately, it comes down to choosing between the best possible coverage while dealing with multiple vendors, or the convenience of dealing with a single vendor.

As mentioned above, GitLab Ultimate covers different elements of application security. This page will evaluate one feature of the package, Secret Detection.

Now let’s dive into how GitLab’s Secret Detection, which is based on the open source tool GitLeaks (for which we have a dedicated comparison), compares with GitGuardian's Internal Monitoring solution.

Let's compare!

The space is evolving quickly, and we make our best efforts to keep information on our competitors up to date. If you see any information that you consider outdated or unfair to our competitors, please contact us and we will immediately set the record straight!

General capabilities

(for both public and internal monitoring products)

Enriched interface and centralization of incidents

Rich UI with all data needed for investigation and remediation
  • GitGuardian: Yes
  • GitLab Secret Detection: ++ Results can be displayed in your GitLab Security Dashboard. JSON reports for all vulnerabilities are also available. Only available with the GitLab Ultimate plan.

InfoSec team view (global view)
  • GitGuardian: Yes
  • GitLab Secret Detection: ++ Results can be displayed in your GitLab Security Dashboard. Only available with the GitLab Ultimate plan.

Developer view (local view)
  • GitGuardian: Yes
  • GitLab Secret Detection: ++ Developers can view the pipeline’s security tab and the reports in the merge request widget. Only available with the GitLab Ultimate plan.

Detection

(harvest candidates, then filter false positives)

Regular expressions to match known, distinct patterns
  • GitGuardian: Yes - Over %ndet% secrets detectors (API keys, database connection strings, certificates, usernames and passwords, ...)
  • GitLab Secret Detection: ++ 20 types of secrets, based on the rulesets and key types of the open-source tool GitLeaks.

High entropy checks to match credentials without distinct patterns and enter “paranoid” mode
  • GitGuardian: Yes, in combination with other techniques to get rid of false positives.
  • GitLab Secret Detection: ++ Supported, with very limited generic prefixes for API keys (“api-”). No contextual analysis, so it is prone to false positives.

Contextual analysis
  • GitGuardian: Yes. The context of a presumed credential helps a lot in filtering bad candidates (e.g. the import of an API wrapper is a strong indicator of a true positive).
  • GitLab Secret Detection: (no entry)

Credential validity checks
  • GitGuardian: Yes, where feasible.
  • GitLab Secret Detection: (no entry)

Dictionary of anti-patterns
  • GitGuardian: Yes - Ability to exclude folders such as test folders and to filter certain credentials, like those containing "EXAMPLE" or "QWERTY" (placeholders).
  • GitLab Secret Detection: (no entry)

Feedback loop to constantly improve the algorithms
  • GitGuardian: Yes. Approx. %secrets-scanned-in-a-day% alerts sent per day!
  • GitLab Secret Detection: (no entry)

Sensitive file names
  • GitGuardian: Sensitive filetypes raise specific alerts: policy breaks.
  • GitLab Secret Detection: -- Not supported

Ability to define custom detectors
  • GitGuardian: Yes, but only through our support and if the detector can be deployed for all customers. Full ability to define custom detectors is expected in H2 2021.
  • GitLab Secret Detection: ++ Yes, through GitLeaks customizable rulesets. Only available with the GitLab Ultimate plan.
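The two-stage pipeline this table describes (harvest candidates with regular expressions, then filter them with a placeholder dictionary, an entropy floor, excluded test folders and a context signal such as the import of an API wrapper), as an added illustration that is not GitGuardian's or GitLab's code. The rule names, the `acmeapi_` token shape, the `acme` import hint and the sample files are all constructed for the example.

```python
import math
import re
from dataclasses import dataclass

# Stage 1 rules, constructed for this example: the weak generic "api-" prefix the
# comparison mentions, and a hypothetical vendor token shape "acmeapi_<32 chars>".
RULES = {
    "generic-api-prefix": re.compile(r"\bapi-[A-Za-z0-9]{16,}\b"),
    "acme-token": re.compile(r"\bacmeapi_[A-Za-z0-9]{32}\b"),
}
# Stage 2 filters: placeholder dictionary, excluded folders and a context hint (an
# import of the hypothetical "acme" API wrapper is a strong true-positive signal).
ANTI_PATTERNS = ("EXAMPLE", "QWERTY", "CHANGEME", "XXXXXXXX")
EXCLUDED_DIRS = ("test/", "tests/", "fixtures/")
CONTEXT_HINT = re.compile(r"^\s*(import|from)\s+acme\b", re.M)

@dataclass
class Finding:
    path: str
    rule: str
    secret: str
    score: float  # 0..1, higher means more likely a live credential

def shannon_entropy(s: str) -> float:
    # Bits of entropy per character; 0.0 for a single repeated character.
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def scan(path: str, text: str) -> list[Finding]:
    # Harvest regex candidates from one file, then drop or score each of them.
    if path.startswith(EXCLUDED_DIRS):
        return []  # test fixtures are whitelisted by folder
    in_context = CONTEXT_HINT.search(text) is not None
    findings = []
    for rule, pattern in RULES.items():
        for match in pattern.finditer(text):
            token = match.group(0)
            if any(ap in token.upper() for ap in ANTI_PATTERNS):
                continue  # placeholder such as EXAMPLE or QWERTY, not a credential
            if shannon_entropy(token) < 3.0:  # bits/char; repeated-character dummies fall below
                continue
            score = 0.5 + (0.4 if in_context else 0.0) + (0.1 if rule == "acme-token" else 0.0)
            findings.append(Finding(path, rule, token, round(score, 2)))
    return findings

# Constructed sample files: a real-looking token in context, the same token in a test
# fixture (excluded by folder) and two placeholder-style keys in a README (filtered out).
TOKEN = "acmeapi_9fQk2LmXz7Vb3TpR8wYc4HnJ6sDg0aEu"
SAMPLE_FILES = {
    "src/client.py": f"import acme\nclient = acme.Client(token='{TOKEN}')\n",
    "tests/test_client.py": f"client = acme.Client(token='{TOKEN}')\n",
    "README.md": "Set API_KEY=api-EXAMPLEEXAMPLEEXAMPLE, e.g. API_KEY=api-aaaaaaaaaaaaaaaaaaaa\n",
}
```

Running `scan` over each entry of `SAMPLE_FILES` reports only the token in `src/client.py`; the same token outside an importing file still surfaces, but with a lower score.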

Implementation method

Instance level
  • GitGuardian: Yes
  • GitLab Secret Detection: ++ Yes, with GitLab Runner using the Docker or Kubernetes executor

Org level
  • GitGuardian: Yes, native GitHub app at organisation level (simple integration)
  • GitLab Secret Detection: (no entry)

Individual repository level
  • GitGuardian: Yes, upon integration of a GHE organization, users can choose to give access to only one particular repository, or to all repositories (including those created later).
  • GitLab Secret Detection: ++ Yes, runs in the GitLab pipeline of a given project, and in the MR widget

Secrets Detection API
  • GitGuardian: The core detection engine can be used to scan any type of text file (Slack messages, Google Drive documents, Jira tickets, etc.).
  • GitLab Secret Detection: -- No secret detection API

Alerting

Real-time alerting
  • GitGuardian: Yes
  • GitLab Secret Detection: (no entry)

Email alerting
  • GitGuardian: Yes
  • GitLab Secret Detection: ++ Yes, but only at the developer level for failed pipelines.

Splunk
  • GitGuardian: Native integration
  • GitLab Secret Detection: -- Not supported

Integration with most common SIEMs or ITSMs
  • GitGuardian: Yes
  • GitLab Secret Detection: (no entry)

Slack alerting
  • GitGuardian: Yes
  • GitLab Secret Detection: -- Not supported

JIRA
  • GitGuardian: Native integration (Q4 2021)
  • GitLab Secret Detection: ++ Yes, if the JIRA integration is enabled on the specific project

Custom webhook to integrate anywhere
  • GitGuardian: Available to push alerts (JSON output format)
  • GitLab Secret Detection: (no entry)

GitLab Issues
  • GitGuardian: Not supported
  • GitLab Secret Detection: ++ Native integration

Incident Life Cycle Management

Collect and structure weak signals to prioritize incidents
  • GitGuardian: Yes - For example, credentials with “admin” or “prod” in their context can be prioritized.
  • GitLab Secret Detection: (no entry)

Ability to assign incidents, mark them as resolved, etc.
  • GitGuardian: Yes
  • GitLab Secret Detection: (no entry)

Whitelisting
  • GitGuardian: Yes - Whitelist credentials or folders such as test folders.
  • GitLab Secret Detection: ++ Yes

Grouping / deduplication of alerts
  • GitGuardian: Yes - Multiple alerts related to the same leaked credential are grouped and can be resolved together; there is no need to triage or resolve every single occurrence.
  • GitLab Secret Detection: -- Not supported

REST API
  • GitGuardian: API to retrieve and update secrets incidents
  • GitLab Secret Detection: -- Not supported

Reporting

In app
  • GitGuardian: Yes - Global health status, MTTD / MTTR, etc.
  • GitLab Secret Detection: ++ Limited, through the security dashboard. Only available with the GitLab Ultimate plan.

Data exporting
  • GitGuardian: Yes - Enriched data can be exported in CSV format.
  • GitLab Secret Detection: ++ Yes, in JSON format.

Security

SSO authentication
  • GitGuardian: Yes
  • GitLab Secret Detection: ++ Yes

RBAC
  • GitGuardian: Yes - Roles available: Owner / Manager (Admin) / Members.
  • GitLab Secret Detection: -- No

Audit trail
  • GitGuardian: Yes
  • GitLab Secret Detection: (no entry)

Public monitoring product

(On top of general capabilities)

Monitoring

Monitor all GitHub public activity, at scale
  • GitGuardian: Yes
  • GitLab Secret Detection: (no entry)

Reliably filter public activity on GitHub that is linked with your company
  • GitGuardian: Yes - We can match developers, source code and companies using a unique combination of heuristics. Contact us and we will show you our results for your company!
  • GitLab Secret Detection: (no entry)

Identify and monitor developers’ personal repositories
  • GitGuardian: Yes - This is where 80% of corporate leaks occur on GitHub.
  • GitLab Secret Detection: (no entry)

Deployment of the solution

Available in SaaS
  • GitGuardian: Yes
  • GitLab Secret Detection: (no entry)

Available on-prem
  • GitGuardian: No - GitGuardian Public Monitoring scans only public data, so on-prem deployment is often not a requirement for our customers.
  • GitLab Secret Detection: (no entry)

Internal monitoring product

(On top of general capabilities)

Integration with the Version Control System

GitHub native integration
  • GitGuardian: Yes - Integration at the GitHub Org level, with the ability to select monitored repositories
  • GitLab Secret Detection: (no entry)

GitLab native integration
  • GitGuardian: Yes - Integration at the instance level on the full perimeter, or at the group level
  • GitLab Secret Detection: ++ Yes, with GitLab Runner using the Docker or Kubernetes executor, in the GitLab pipeline of a given project, and in the MR widget.

Bitbucket native integration
  • GitGuardian: Yes - Bitbucket Server/Data Center customers only
  • GitLab Secret Detection: (no entry)

SDLC stage scanning capabilities

Pre-commit
  • GitGuardian: Supported through GitGuardian Shield (see its documentation)
  • GitLab Secret Detection: ++ Supported via customization

Pre-push
  • GitGuardian: Supported through GitGuardian Shield (see its documentation)
  • GitLab Secret Detection: ++ Supported via customization

Pre-receive
  • GitGuardian: Supported but not recommended, because pre-receive hooks can block developers and create friction
  • GitLab Secret Detection: ++ Supported via customization

Post-receive
  • GitGuardian: Yes, supported natively, with real-time incremental scanning.
  • GitLab Secret Detection: ++ Yes, but checks can only be included in your GitLab pipelines.

CI pipeline
  • GitGuardian: Natively integrates with GitLab pipelines, in addition to CircleCI, Travis CI, Drone CI...
  • GitLab Secret Detection: -- Limited to GitLab pipelines

Full historical scan
  • GitGuardian: Yes, can be launched on demand through the interface
  • GitLab Secret Detection: ++ Yes, can be configured to run as a job within your GitLab pipelines.

Secure the SDLC and more

Detection API to integrate anywhere in the SDLC and in the tools developers use
  • GitGuardian: Yes - Integrate GitGuardian as a pre-commit hook, or scan Slack messages for secrets using our API (which can be self-hosted)
  • GitLab Secret Detection: -- No secret detection API

“Shift left”

Put the developer in the loop
  • GitGuardian: InfoSec can collect feedback from developers directly in the dashboard and collaborate with them to remediate.
  • GitLab Secret Detection: ++ Limited collaboration possibilities.

“Auto-heal” incidents
  • GitGuardian: Developers can resolve certain incidents by themselves, without involving InfoSec when that is not needed.
  • GitLab Secret Detection: (no entry)

Alerting

Notification for the developer, directly in the VCS frontend
  • GitGuardian: Yes - GitHub only
  • GitLab Secret Detection: (no entry)

Deployment of the solution

Available in SaaS
  • GitGuardian: Yes
  • GitLab Secret Detection: ++ Yes

Available on-prem
  • GitGuardian: Yes - For more than 200 developers or a $30k annual contract
  • GitLab Secret Detection: ++ Yes

Pricing
  • GitGuardian: Individual developer: free. Small team (<25 developers): free. Enterprise (>25 developers): yearly fee based on the number of developers included in the surveillance perimeter.
  • GitLab Secret Detection: (no entry)

Multi-source scanning

VCS
  • GitGuardian: Integrates natively with GitHub, in addition to GitLab and Bitbucket.
  • GitLab Secret Detection: ++ Yes, limited to GitLab

Docker image scanning
  • GitGuardian: Yes
  • GitLab Secret Detection: -- Not supported

Other sources
  • GitGuardian: REST API to scan any plain text by leveraging GitGuardian’s secrets detection engine.
  • GitLab Secret Detection: -- Not supported

The short version

Choosing between GitLab Ultimate’s Secret Detection and GitGuardian Internal Monitoring comes down to whether you want to deal with one vendor for multiple critical security disciplines, or with multiple vendors that each offer the most extensive coverage in their discipline.

Which solution to buy depends very much on your precise requirements and on the tools and solutions you already have in place.

GitLab relies on gitleaks for secrets detection, and this can put a lot of risk on your business, since it is an open-source project maintained by a single individual and requires a lot of customization. On the other hand, GitGuardian is a reliable company with a dedicated team maintaining its secrets detection engine and offering high-quality support to its customers.

To learn more and get advice on your specific scenario, please don’t hesitate to contact our sales team.

GitGuardian is best if:

  • You want the most comprehensive secret detection coverage across the board
  • Your organization is currently using different security tools for SAST or detecting vulnerabilities in dependencies, and you’re looking to add secrets detection to your existing tool belt rather than buying a generic code security solution
  • You want advanced remediation playbooks
  • You want to empower both security teams and developers
  • You want a tool to solve secret sprawl in general, and not only in GitLab

GitLab Secret Detection is best if:

  • You want to deal with one code security vendor
  • You want to implement minimum security standards across multiple disciplines
