"Helps us to quickly prioritize remediation and has improved the coordination between developers and security personnel"

Verified Reviewer

Director Cloud DevOps SRE at a tech company with 201-500 employees

Software vendor currently using GitGuardian Public Monitoring

Review by a Real User

Verified by PeerSpot

What is our primary use case?

We use GitGuardian to check standard configurations and scan for possible leaked secrets. Developers and software engineers sometimes commit AWS keys, login credentials, SMTP databases, and other secrets.

How has it helped my organization?

Given the size of our operation, there's a lot of work to do on the security side in GitHub alone. GitGuardian enables us to avoid leaks in the source code on the GitHub side and helps devise a plan to fix them. Sometimes it doesn't find the leak, but it identifies the type of leak. The solution typically does an excellent job on that part. We can locate the crucial leaks and try to remediate those first. GitGuardian makes the job easier and faster.

What is most valuable?

The entire GitGuardian solution is valuable. The product is doing its job and showing us many things. We get many false positives, but the ability to automatically display potential leaks when developers commit is valuable. The dashboards show us recent and historical commits, and we have a full scan that shows historical leaked secrets.

What needs improvement?

GitGuardian could have more detailed information on what software engineers can do. It only provides some highly generic feedback when a secret is detected. They should have outside documentation. We send this to our software engineers, who are still doing the commits. It's the wrong way to work, but they are accustomed to doing it this way. When they go into that ticket, they see a few instructions that might be confusing. If I see a leaked secret committed two years ago, it's not enough to undo that commit. I need to go in there, change all my code to utilize GitHub secrets, and go on AWS to validate my key.

For how long have I used the solution?

I have used GitGuardian for around six months.

What do I think about the stability of the solution?

GitGuardian is stable for our use case.

What do I think about the scalability of the solution?

We have almost a thousand repositories, and it scans correctly, so we don't face any scaling issues.

What's my experience with pricing, setup cost, and licensing?

I don't remember the specifics of the contract, but we have a one-year license for a set number of developers. It's reasonably priced. 

What other advice do I have?

I rate GitGuardian a ten out of ten. It's a user-friendly product that's ready to go. You don't need anything besides the initial onboarding training to use this tool. If you are concerned about your security and want something ready to go, GitGuardian is an excellent option for a fair price. I recommend it. GitGuardian is a better choice than an open source solution if you are serious about preventing leaks on GitHub and your developers lack security awareness.
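As an added example (not GitGuardian's code and not part of this review), the toy scanner below runs over a constructed, git-style commit history to illustrate the point made above under "What needs improvement?": a key that a later commit removes from HEAD is still recoverable from history, so undoing the commit is not remediation; the key has to be rotated and the code moved to a secret store. The detector patterns, commit hashes and sample lines are simplified assumptions; the AWS key shown is the well-known documentation example key, not a real credential.

```python
"""Added example (not GitGuardian's code): a toy secret scanner over a
constructed, git-style commit history. Detector patterns and sample commits
are simplified assumptions for illustration only."""
import re
from dataclasses import dataclass

# Simplified detector patterns (assumption: production scanners use many more
# and typically validate candidates against the provider before alerting).
DETECTORS = {
    # AWS access key IDs: 4-character prefix plus 16 upper-case alphanumerics.
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    # GitHub personal/app tokens.
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    # Generic 'password = "..."': only a quoted literal counts, so a lookup
    # such as os.environ["SMTP_PASSWORD"] does not produce a false positive.
    "hardcoded_password": re.compile(
        r"(?i)(?:password|passwd|pwd)\s*[:=]\s*['\"][^'\"]{8,}['\"]"
    ),
}


@dataclass(frozen=True)
class Commit:
    sha: str
    message: str
    added_lines: tuple  # the '+' side of the commit's diff


@dataclass(frozen=True)
class Finding:
    sha: str
    detector: str
    line: str


def scan_commit(commit):
    """Return a Finding for every added line that matches a detector."""
    return [
        Finding(commit.sha, name, line)
        for line in commit.added_lines
        for name, pattern in DETECTORS.items()
        if pattern.search(line)
    ]


def scan_history(commits):
    """Scan every commit: the full history, not just HEAD, is what gets cloned."""
    return [f for c in commits for f in scan_commit(c)]


def remediation_plan(commits, head_lines):
    """Classify each leaked secret: still present in HEAD, or removed from HEAD
    but recoverable from history. Both classes need rotation; only the first
    also needs a code change."""
    head = set(head_lines)
    plan = {"remove_and_rotate": [], "rotate_only": []}
    for f in scan_history(commits):
        bucket = "remove_and_rotate" if f.line in head else "rotate_only"
        plan[bucket].append(f)
    return plan


# Constructed sample history: credentials are committed, then "fixed" by
# switching to environment variables without rotating anything.
HISTORY = (
    Commit("a1f3c9", "add mailer config", (
        'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"',  # AWS documentation example key
        'SMTP_PASSWORD = "hunter2hunter2"',
    )),
    Commit("b72e10", "retry on SMTP timeout", (
        "RETRIES = 3",
    )),
    Commit("c0ffee", "remove hardcoded credentials", (
        'AWS_ACCESS_KEY_ID = os.environ["AWS_ACCESS_KEY_ID"]',
        'SMTP_PASSWORD = os.environ["SMTP_PASSWORD"]',
    )),
)

# File contents at HEAD after the third commit: the secrets are gone from
# the working tree but remain in commit a1f3c9.
HEAD_LINES = (
    "import os",
    'AWS_ACCESS_KEY_ID = os.environ["AWS_ACCESS_KEY_ID"]',
    'SMTP_PASSWORD = os.environ["SMTP_PASSWORD"]',
    "RETRIES = 3",
)

if __name__ == "__main__":
    plan = remediation_plan(HISTORY, HEAD_LINES)
    for bucket, findings in plan.items():
        for f in findings:
            print(f"{bucket:18} {f.sha} {f.detector}: {f.line}")
```

Run as written, both secrets land in the rotate_only bucket: the third commit cleaned HEAD but did not make the key or password unusable, which is exactly why the remediation ticket has to include rotation in AWS and the mail provider, not just a code change.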