"Helped to decrease the overall false positive rate, but the authentication process has room for improvement"

Presently, we find the pre-commit hooks more useful.

Selwyn Preston

Head of Engineering at a government with 1,001-5,000 employees

Software vendor currently using GitGuardian Public Monitoring

Review by a Real User. Verified by PeerSpot.


What is our primary use case?

We use the solution to detect any secret exposure.

How has it helped my organization?

The overall breadth of the solution is good. It's been able to detect most of the secrets that we have.

What is most valuable?

At the start, historical scanning was very useful because it was the first time we had done it. It allowed us to see how many secrets we had exposed. If we had only focused on current secrets, we would have missed all the secrets that had been committed in the past. So, initially, the historical scan was really useful.

What needs improvement?

It took us a while to get new patterns introduced into the pattern reporting process. If there is a way to automate this process so that we can include our own patterns in our repositories, that would be very useful.

For how long have I used the solution?

I have been using GitGuardian Internal Monitoring for one and a half years.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

The solution is scalable, so we can create instances for each scan that we run. This means that we will never have any issues with load or performance. We have 100 end users who utilize the solution.

How are customer service and support?

The technical support has been very helpful. The system is also pretty intuitive, so we haven't had to contact them very often.

Which solution did I use previously and why did I switch?

How was the initial setup?

What about the implementation team?

What was our ROI?

We have seen a 10 percent return on investment. Resource-wise, creating a secret once it has been detected is a significant undertaking. Early detection has saved a lot of time, and I think there would be various penalties. Theoretically, if we continued to explore secrets, we could also save and compromise.

What's my experience with pricing, setup cost, and licensing?

I compared the solution to a couple of other solutions, and I think it is very competitively priced.

Which other solutions did I evaluate?

What other advice do I have?

I give GitGuardian Internal Monitoring a seven out of ten. The solution is really good, but the false positives that we had to work with lower the solution's overall score.

Which deployment model are you using for this solution?
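The two points the reviewer makes above (a scan of only the current tree misses secrets that were committed and later removed, and teams want repository-local custom patterns) can be illustrated with a small scanner over a constructed commit history. This is an added example, not GitGuardian's code or the reviewer's; the `name = regex` pattern-file format and the list-of-snapshots history model are assumptions.

```python
import re
from typing import Dict, List, Tuple

# Built-in patterns (constructed for this example; real scanners ship hundreds).
DEFAULT_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "generic_api_key": re.compile(r"(?i)api[_-]?key\s*[:=]\s*['\"]([A-Za-z0-9]{20,})['\"]"),
}

def load_custom_patterns(text: str) -> Dict[str, "re.Pattern[str]"]:
    """Parse 'name = regex' lines from a hypothetical repo-local pattern file."""
    patterns = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, regex = line.partition("=")  # split on the first '=' only
        patterns[name.strip()] = re.compile(regex.strip())
    return patterns

Snapshot = Dict[str, str]  # path -> file content as of one commit (assumed model)

def scan_snapshot(files: Snapshot, patterns) -> List[Tuple[str, str]]:
    """Findings for one tree, as sorted (path, pattern_name) pairs."""
    findings = {(path, name) for path, content in files.items()
                for name, rx in patterns.items() if rx.search(content)}
    return sorted(findings)

def scan_history(history: List[Snapshot], patterns) -> List[Tuple[int, str, str]]:
    """Findings across every commit, tagged with the commit index they appear in."""
    return [(idx, path, name)
            for idx, files in enumerate(history)
            for path, name in scan_snapshot(files, patterns)]

# Constructed history: commit 0 hard-codes the AWS documentation example key,
# commit 1 removes it but adds an internal token that only a custom pattern knows.
HISTORY = [
    {"config.py": 'AWS_KEY = "AKIAIOSFODNN7EXAMPLE"\n'},
    {"config.py": 'AWS_KEY = os.environ["AWS_KEY"]\n',
     "deploy.env": "ACME_TOKEN=acme_live_0123456789abcdef\n"},
]
CUSTOM = load_custom_patterns("# internal token format (constructed)\n"
                              "acme_token = acme_live_[0-9a-f]{16}\n")
ALL_PATTERNS = {**DEFAULT_PATTERNS, **CUSTOM}

if __name__ == "__main__":
    print("current tree, built-in patterns:", scan_snapshot(HISTORY[-1], DEFAULT_PATTERNS))
    print("current tree, with custom:     ", scan_snapshot(HISTORY[-1], ALL_PATTERNS))
    print("full history, with custom:     ", scan_history(HISTORY, ALL_PATTERNS))
```

Scanning only the latest snapshot with the built-in patterns reports nothing, while the history scan still surfaces the key from commit 0, which is exactly why a first historical scan is worth running before relying on pre-commit checks.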