"It has increased the security team's productivity by shifting more responsibilities to the developers"

We noticed a problem with developers putting secrets in their code, and we needed a solution for this. I had previously used GitGuardian in my own hobby projects, so I knew what it was all about. I was asked to look into alternatives to ensure we had considered every possibility, but we quickly found that GitGuardian was the right solution for our use case. The company has around 100 users. 

Using GitGuardian has made developers more aware of secrets. The senior leadership at the company is impressed with how well GitGuardian works. We've also heard some good comments about how snappy the website is. We do not have a shift-left culture at our company, but we are moving toward it, and GitGuardian definitely helps with this. 

I like GitGuardian's instant response. When you have an incident, it's reported immediately. The interface gives you a great overview of your current leaked secrets. It's easy to reduce the false positive rate because we can customize the detection rules to be as granular as we want. We can set up rules to say certain things should never be detected. We're happy with the false positive rate, but we notice a lot from our test certificates in our code. There is no clear way to define if a certificate is a test certificate apart from the name. I think it's a good thing that they have these false positives rather than false negatives.

GitGuardian encompasses many secrets that companies might have, but we are a Microsoft-only organization, so there are some limitations there in terms of their honey tokens. I'd like for it to not be limited to Amazon-based tokens. It would be nice to see a broader set of providers that you could pick from. 

The company has only been using GitGuardian for a couple of months now, but I have used it for many years.

I rate GitGuardian nine out of ten for stability. 

I rate GitGuardian ten out of ten for scalability.

I rate GitGuardian support ten out of ten. We had some issues with GitGuardian failing to detect some secrets. We contacted support. They resolved the problem swiftly and kept us informed throughout the process. They started the process of creating a new detection, and it's a new feature that they're working on. 

I previously used some open-source solutions, but they were not quite on par with GitGuardian. An open-source solution is only as good as the developers maintaining it. The developers maintaining it are not paid to maintain it, unlike those who are paid to keep a commercial solution updated. The paid solutions are way better.

GitGuardian is a SaaS platform, so you don't need to deploy it. It's just a matter of onboarding users. It doesn't require any maintenance on our side. 

We have only used GitGuardian for four months, so it's hard to calculate a return. However, it will save us a lot of headaches with the new EU regulations in the long run. 

When we're talking about security, there is no price that is too high to keep a company safe.

I rate GitGuardian nine out of ten. A secrets detection program is one of the most critical things in application development. It's easy enough to implement GitGuardian, so you don't need to test it, but you can always go with a trial because you need to know if this is the right solution for you. It's so easy to get started with GitGuardian that you don't need to go through all the bureaucracy.