
GitGuardian vs Yelp detect-secrets for secrets scanning

Understand how GitGuardian stacks against Yelp’s detect-secrets, so you can find the best fit for you.


Hey there!

If you're deep in the research process of choosing a secrets scanning solution for your repositories, you're probably comparing GitGuardian with other options to figure out which one fits you best. To make this as easy as possible, we've put together a detailed overview of how GitGuardian compares to Yelp detect-secrets.

Below you'll find a high-level comparison of the main features, including cases where GitGuardian is not the best choice and recommendations for when Yelp detect-secrets might be the better option for your needs.

Let's compare!

The space is evolving quickly, and we do our best to keep information on our competitors up to date. If you see anything you consider outdated or unfair to a competitor, please contact us and we will set the record straight immediately.

General capabilities
(for both public and internal monitoring products)

Enriched interface and centralization of incidents

| Capability | GitGuardian | Yelp detect-secrets |
|---|---|---|
| Rich UI with all data needed for investigation and remediation | Yes | No |
| InfoSec team view (global view) | Yes | No |
| Developer view (local view) | Yes | No |


Detection (harvest candidates, filter false positives)

| Technique | GitGuardian | Yelp detect-secrets |
|---|---|---|
| Regular expressions to match known, distinct patterns | Yes - over %ndet% secrets detectors (API keys, database connection strings, certificates, usernames and passwords, ...) | Yes, but only about 20 types of secrets out of the box |
| High entropy checks to match credentials without distinct patterns ("paranoid" mode) | Yes, combined with other techniques to weed out false positives | Yes, entropy checks detect generic secrets |
| Contextual analysis | Yes. The context around a presumed credential helps filter bad candidates (e.g. the import of an API wrapper is a strong indicator of a true positive). | |
| Credential validity checks | Yes, where feasible | |
| Dictionary of anti-patterns | Yes - exclude folders such as test folders and filter credentials containing placeholders such as "EXAMPLE" or "QWERTY" | |
| Feedback loop to constantly improve the algorithms | Yes. Approx. %secrets-scanned-in-a-day% alerts sent per day | |
| Sensitive file names | Sensitive file types raise a specific kind of alert: policy breaks | |
| Ability to define custom detectors | Yes, but only through support and only if the detector can be deployed for all customers. Self-service custom detectors expected in H2 2021. | Yes, the detection engine can be extended with plugins (requires custom development) |
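To make the techniques in the table concrete, here is an added example, written for this page rather than taken from GitGuardian or detect-secrets, that chains them in a small scanner: a regular expression for one known pattern (the publicly documented AWS access key ID format), Shannon entropy checks with detect-secrets' default thresholds (4.5 bits per character for base64-like strings, 3.0 for hex), an anti-pattern dictionary, exclusion of test folders, and a context hint that raises the priority of a finding when an API wrapper is imported in the same file. The sample repository, the key values in it, the anti-pattern list, the excluded directories and the context hints are all constructed for the example.

```python
import math
import re
from dataclasses import dataclass
from typing import Optional

# Detector 1: regular expression for a known, distinct pattern. An AWS access key ID
# is "AKIA" followed by 16 upper-case alphanumerics (publicly documented format).
KNOWN_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}

# Detector 2: entropy check for generic secrets. Thresholds are detect-secrets'
# defaults: 4.5 bits/char over the base64 charset, 3.0 bits/char over hex.
BASE64_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
HEX_CHARS = "0123456789abcdefABCDEF"
BASE64_LIMIT, HEX_LIMIT = 4.5, 3.0
QUOTED_TOKEN = re.compile(r"""["']([A-Za-z0-9+/=]{16,})["']""")

# False-positive filters (assumed lists for this example): placeholder words and
# fixture directories that hold fake credentials on purpose.
ANTI_PATTERNS = ("EXAMPLE", "QWERTY", "CHANGEME", "PLACEHOLDER")
EXCLUDED_DIRS = ("test/", "tests/", "fixtures/")

# Context that raises confidence (assumed): an API wrapper imported in the same file.
CONTEXT_HINTS = ("import boto3", "from boto3", "import stripe")


@dataclass
class Finding:
    path: str
    line_no: int
    detector: str
    secret: str
    priority: str  # "high" when corroborating context is present, else "medium"


def shannon_entropy(data: str, charset: str) -> float:
    """Bits per character of `data`, counting only characters of `charset`
    (the same formula the detect-secrets entropy plugins use)."""
    entropy = 0.0
    for ch in set(charset):
        p = data.count(ch) / len(data)
        if p > 0:
            entropy -= p * math.log2(p)
    return entropy


def is_placeholder(token: str) -> bool:
    return any(word in token.upper() for word in ANTI_PATTERNS)


def entropy_detector(token: str) -> Optional[str]:
    """Name of the entropy detector that fires on `token`, or None."""
    if all(c in HEX_CHARS for c in token):
        return "high_entropy_hex" if shannon_entropy(token, HEX_CHARS) > HEX_LIMIT else None
    if all(c in BASE64_CHARS for c in token):
        return "high_entropy_base64" if shannon_entropy(token, BASE64_CHARS) > BASE64_LIMIT else None
    return None


def scan_file(path: str, lines: list) -> list:
    """Harvest candidates with regex + entropy, then drop placeholders and fixture paths."""
    if path.startswith(EXCLUDED_DIRS):
        return []
    priority = "high" if any(h in "\n".join(lines) for h in CONTEXT_HINTS) else "medium"
    findings = []
    for line_no, line in enumerate(lines, start=1):
        matched = set()
        for name, pattern in KNOWN_PATTERNS.items():
            for match in pattern.finditer(line):
                matched.add(match.group(0))
                if not is_placeholder(match.group(0)):
                    findings.append(Finding(path, line_no, name, match.group(0), priority))
        for token in QUOTED_TOKEN.findall(line):
            if token in matched:
                continue  # already reported by the specific detector
            detector = entropy_detector(token)
            if detector and not is_placeholder(token):
                findings.append(Finding(path, line_no, detector, token, priority))
    return findings


def scan_repo(repo: dict) -> list:
    return [f for path, lines in repo.items() for f in scan_file(path, lines)]


# Constructed sample repository; none of these values is a real credential.
SAMPLE_REPO = {
    "src/settings.py": [
        "import boto3",
        'AWS_ACCESS_KEY_ID = "AKIA2J7QH5ZK3MNP8RTV"',            # regex hit, high priority
        'SIGNING_KEY = "3f9a1c7e2b8d4056e71b9c0fa2d5e8b4"',      # random-looking hex
        'SESSION_NAME = "passwordpasswordpassword"',            # low entropy, ignored
    ],
    "docs/README.md": [
        'Use your own key, e.g. AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"',  # placeholder
        'API_TOKEN = "K8tR2xQ9vLmP4nWbY7cD1sF6hJ0aE3gZ5uVwX2yN"',            # generic secret
    ],
    "tests/fixtures.py": [
        'API_TOKEN = "K8tR2xQ9vLmP4nWbY7cD1sF6hJ0aE3gZ5uVwX2yN"',  # excluded test folder
    ],
}

if __name__ == "__main__":
    for f in scan_repo(SAMPLE_REPO):
        print(f"{f.priority:6} {f.path}:{f.line_no} {f.detector} {f.secret}")
```

Run as a script it reports three findings: the access key and the hex key in `src/settings.py` at high priority, and the generic token in the README at medium priority. The AWS documentation placeholder is dropped by the anti-pattern dictionary, the repeated-word string by the entropy threshold, and the fixture copy by the path exclusion, which is exactly the kind of filtering that keeps a regex-only scanner from flooding a team with noise.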


Implementation method

| Level | GitGuardian | Yelp detect-secrets |
|---|---|---|
| Instance level | Yes | |
| Org level | Yes, native GitHub app at organisation level (simple integration) | |
| Individual repository level | Yes. When integrating a GHE organization, users can either give access to one particular repository or give access to all repositories (including those created later). | |
| Secrets detection API | Yes. The core detection engine can be used to scan any type of text (Slack messages, Google Drive documents, Jira tickets, etc.) | |


Alerting

| Channel | GitGuardian | Yelp detect-secrets |
|---|---|---|
| Real-time alerting | Yes | |
| Email alerting | Yes | No |
| Splunk | Native integration | No |
| Integration with most common SIEMs or ITSMs | Yes | |
| Slack alerting | Yes | No |
| JIRA | Native integration (Q4 2021) | No |
| Custom webhook to integrate anywhere | Available to push alerts (JSON output format) | No |
| GitLab Issues | Not supported | |


Incident life cycle management

| Capability | GitGuardian | Yelp detect-secrets |
|---|---|---|
| Collect and structure weak signals to prioritize incidents | Yes - for example, credentials whose context contains "admin" or "prod" can be prioritized | |
| Ability to assign incidents, mark them as resolved, etc. | Yes | |
| Whitelisting | Yes - whitelist credentials or folders such as test folders | Yes |
| Grouping / deduplication of alerts | Yes - multiple alerts for the same leaked credential are grouped and resolved together; there is no need to triage every single occurrence | Not supported |
| REST API | API to retrieve and update secrets incidents | Not available |


Reporting

| Capability | GitGuardian | Yelp detect-secrets |
|---|---|---|
| In app | Yes - global health status, MTTD / MTTR, etc. | Not available |
| Data exporting | Yes - enriched data can be exported in CSV format | Not available |


Security

| Capability | GitGuardian | Yelp detect-secrets |
|---|---|---|
| SSO authentication | Yes | Not available |
| RBAC | Yes - roles available: Owner / Manager (Admin) / Member | Not available |
| Audit trail | Yes | Not available |


Public monitoring product
(on top of general capabilities)

Monitoring

| Capability | GitGuardian | Yelp detect-secrets |
|---|---|---|
| Monitor all GitHub public activity, at scale | Yes | No |
| Reliably filter public activity on GitHub that is linked with your company | Yes - developers, source code and companies are matched using a combination of heuristics. Contact us and we will show you the results for your company. | No, users must point it at the public repositories they want to scan |
| Identify and monitor developers' personal repositories | Yes - this is where 80% of corporate leaks on GitHub occur | No, users must point it at the public repositories or GitHub users they want to monitor |


Deployment of the solution

| Option | GitGuardian | Yelp detect-secrets |
|---|---|---|
| Available as SaaS | Yes | Open-source CLI and library |
| Available on-prem | No - GitGuardian Public Monitoring scans only public data, so on-prem deployment is rarely a requirement for our customers | Open-source CLI and library |


Internal monitoring product
(on top of general capabilities)

Integration with the version control system

| Integration | GitGuardian | Yelp detect-secrets |
|---|---|---|
| GitHub native integration | Yes - integration at the GitHub org level with the ability to select the monitored repositories | No native GitHub integration |
| GitLab native integration | Yes - integration at the instance level (full perimeter) or at the group level | No native GitLab integration |
| Bitbucket native integration | Yes - Bitbucket Server/Data Center customers only | No native Bitbucket integration |


SDLC stage scanning capabilities

| Stage | GitGuardian | Yelp detect-secrets |
|---|---|---|
| Pre-commit | Supported through GitGuardian Shield | Supported out of the box (pre-commit hook) |
| Pre-push | Supported through GitGuardian Shield | Supported via customization |
| Pre-receive | Supported but not recommended: a pre-receive hook can block developers and create friction | Supported via customization |
| Post-receive | Yes, supported natively. Real-time incremental scanning. | No native VCS integration for continuous scanning |
| CI pipeline | Natively integrates with GitLab pipelines, in addition to CircleCI, Travis CI, Drone CI, ... | Yes, by running the detect-secrets CLI in the pipeline |
| Full historical scan | Yes, can be launched on demand through the interface | Yes, with the `scan` command of the CLI (`audit` only reviews the results of a scan); note that it scans the files of the current checkout rather than walking git history |
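The whitelisting and grouping rows in the incident life cycle table, and the pre-commit row in this one, rest on one mechanism: a baseline of previously audited findings keyed by a hash of the secret value, so that a credential copied into several files is one incident and a value a reviewer has already dismissed never resurfaces. The example below is added here and is not detect-secrets' own code, although it follows the shape of the baseline detect-secrets writes (`hashed_secret` is the SHA-1 of the value, and `is_secret` is filled in by `detect-secrets audit`). It groups raw findings into one incident per distinct secret, drops values marked as false positives, and returns the exit status a pre-commit hook would use to block a commit that introduces a secret not yet in the baseline. The baseline contents and the staged findings are constructed for the example.

```python
import hashlib
from dataclasses import dataclass, field


def hash_secret(secret: str) -> str:
    """detect-secrets stores the SHA-1 of the value in its baseline, never the value itself."""
    return hashlib.sha1(secret.encode("utf-8")).hexdigest()


# Constructed baseline with only the fields used here. "is_secret": False marks an
# entry a reviewer dismissed during `detect-secrets audit`; True marks a confirmed leak
# that is already tracked. Hashes are computed in code so they match the sample values.
BASELINE = {
    "results": {
        "src/config.py": [
            {"type": "Hex High Entropy String", "line_number": 12,
             "hashed_secret": hash_secret("3f9a1c7e2b8d4056e71b9c0fa2d5e8b4"),
             "is_secret": False},
        ],
        "src/legacy.py": [
            {"type": "AWS Access Key", "line_number": 4,
             "hashed_secret": hash_secret("AKIA2J7QH5ZK3MNP8RTV"),
             "is_secret": True},
        ],
    }
}

# Constructed findings for staged files: (path, line_number, detector, secret value).
STAGED_FINDINGS = [
    ("src/config.py", 12, "Hex High Entropy String", "3f9a1c7e2b8d4056e71b9c0fa2d5e8b4"),  # dismissed
    ("src/legacy.py", 4, "AWS Access Key", "AKIA2J7QH5ZK3MNP8RTV"),                      # tracked
    ("src/worker.py", 9, "AWS Access Key", "AKIA2J7QH5ZK3MNP8RTV"),                      # same key, copied
    ("deploy/env.sh", 2, "Base64 High Entropy String",
     "K8tR2xQ9vLmP4nWbY7cD1sF6hJ0aE3gZ5uVwX2yN"),                                      # new
]


@dataclass
class Incident:
    detector: str
    hashed_secret: str
    occurrences: list = field(default_factory=list)  # (path, line_number) pairs


def baseline_entries(baseline: dict):
    for entries in baseline["results"].values():
        yield from entries


def allowlisted_hashes(baseline: dict) -> set:
    """Hashes a reviewer explicitly labelled as not a secret."""
    return {e["hashed_secret"] for e in baseline_entries(baseline) if e.get("is_secret") is False}


def group_incidents(findings: list, baseline: dict) -> list:
    """One Incident per distinct secret value, skipping dismissed values. Every file and
    line holding the same value becomes an occurrence of that single incident."""
    skip = allowlisted_hashes(baseline)
    incidents = {}
    for path, line_no, detector, secret in findings:
        h = hash_secret(secret)
        if h in skip:
            continue
        incidents.setdefault(h, Incident(detector, h)).occurrences.append((path, line_no))
    return list(incidents.values())


def new_incidents(findings: list, baseline: dict) -> list:
    """Incidents whose value is absent from the baseline entirely: these are what a
    pre-commit hook should refuse, since already-tracked leaks are handled elsewhere."""
    known = {e["hashed_secret"] for e in baseline_entries(baseline)}
    return [i for i in group_incidents(findings, baseline) if i.hashed_secret not in known]


def pre_commit_gate(findings: list, baseline: dict) -> int:
    """Hook exit status: non-zero blocks the commit."""
    return 1 if new_incidents(findings, baseline) else 0


if __name__ == "__main__":
    for inc in group_incidents(STAGED_FINDINGS, BASELINE):
        print(inc.detector, inc.hashed_secret[:12], inc.occurrences)
    print("exit status:", pre_commit_gate(STAGED_FINDINGS, BASELINE))
```

With the sample data the four raw findings collapse to two incidents (the dismissed hex string disappears, the two copies of the same access key merge), and only the base64 token in `deploy/env.sh` is new, so the gate returns 1; drop that finding and it returns 0 even though a known leak is still present, which is the baseline semantics detect-secrets-hook implements. Storing only hashes keeps the baseline safe to commit alongside the code.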


Secure the SDLC and more

| Capability | GitGuardian | Yelp detect-secrets |
|---|---|---|
| Detection API to integrate anywhere in the SDLC and in the tools developers use | Yes - integrate GitGuardian as a pre-commit hook, or scan Slack messages for secrets using our API (which can be self-hosted) | The detect-secrets library can be used from Python scripts |


"Shift left"

| Capability | GitGuardian | Yelp detect-secrets |
|---|---|---|
| Put the developer in the loop | InfoSec can collect feedback from developers directly in the dashboard and collaborate with them on remediation | |
| "Auto-heal" incidents | Developers can resolve certain incidents themselves, without involving InfoSec when that is not needed | |


Alerting

| Capability | GitGuardian | Yelp detect-secrets |
|---|---|---|
| Notification for the developer, directly in the VCS frontend | Yes - GitHub only | Not available; results are displayed in the terminal |


Deployment of the solution

| Option | GitGuardian | Yelp detect-secrets |
|---|---|---|
| Available as SaaS | Yes | Open-source CLI and library |
| Available on-prem | Yes - for more than 200 developers or a $30k annual contract | Open-source CLI and library |
| Pricing | Individual developer: free. Small team (<25 devs): free. Enterprise (>25 devs): yearly fee based on the number of developers in the monitored perimeter. | Free (open source) |


Multi-source scanning

| Source | GitGuardian | Yelp detect-secrets |
|---|---|---|
| VCS | Integrates natively with GitHub, GitLab and Bitbucket | Yes, works with git repositories |
| Docker image scanning | Yes | Not supported |
| Other sources | REST API to scan any plain text with GitGuardian's secrets detection engine | Not supported |


The short version

Choosing between Yelp's detect-secrets and GitGuardian for secrets scanning boils down to the build vs. buy question. As a popular open-source library and CLI, detect-secrets is a good base on which to build a simple secrets detection solution.

The answer to the build vs. buy question depends on your precise requirements and on the goals you are trying to achieve. For example, you might not need a rich dashboard or real-time scanning, which lowers the cost of building and maintaining an in-house secrets scanning tool. However, if you are designing a complete secrets detection program, you will have to consider remediation carefully and all the complexity it entails: alerting, incident life cycle management, collaboration between security engineers and developers, and so on.


GitGuardian is best if:


Yelp detect-secrets is best if:

  • You would rather build and maintain your own solution.
  • You have a team of only a little more than 25 developers and few repositories or secrets to protect, so a subscription is not worth paying for.


Schedule a demo!

Review your business needs with us and learn more about monitoring source code for secrets!