Challenges
Solution
Results
What is most valuable?
Key quote
What’s next
What is our primary use case?
We brought in GitGuardian Internal Monitoring to review all of our code within GitHub so that we can identify and fix any exposed secrets.
How has it helped my organization?
I have been very impressed with the breadth of its detection capabilities. I did a proof of concept with a couple of other common tools for the same kind of thing, and I found GitGuardian to be the best. It finds everything that I would expect it to find. It found more than I thought we would find, so I am very happy with the detection.
What is most valuable?
There is quite a lot to like. Its user interface is fantastic, and being able to sort the incidents by whether they are valid or for a certain repository or a certain user has been very beneficial in helping investigate what has been found.
What needs improvement?
Automated Jira tickets would be fantastic. At the moment, I believe we have to go in and click to create a Jira ticket. It would be nice to automate.
For how long have I used the solution?
I have been using GitGuardian Internal Monitoring for about nine months.
What do I think about the stability of the solution?
It is a stable solution. I have not noticed any issues with performance, downtime, or anything like that. I would rate it a ten out of ten for stability.
What do I think about the scalability of the solution?
It is scalable. All it requires is someone with GitHub admin permissions. We can integrate as many repos and sources as we want. I would rate it a ten out of ten for scalability.
How are customer service and support?
Their technical support so far has been fantastic. Anytime I raise a ticket, it is resolved and answered very quickly. I am very impressed. Their support is incredibly knowledgeable. Whenever I have questions about detection or remediation, they are very detailed in their answers, and they clearly know a lot about the tool.
Which solution did I use previously and why did I switch?
We did not use any similar solution before. It was a manual process. We did not monitor anything. We just occasionally noticed things to be resolved. It was a manual process.
How was the initial setup?
To implement it, the only thing required from our side was having someone with admin permissions to enable the installation. It was minimal from our side.
What about the implementation team?
It required just one person with GitHub admin privileges. I clicked a few buttons, and then he went in and approved it, and that was it.
What was our ROI?
It has definitely saved us a lot of time. To be able to view everything important and narrow our focus to resolve issues has sped up our development process and decreased our security risk.
What's my experience with pricing, setup cost, and licensing?
I am only aware of the base price. I do not know what happened with our purchasing team in discussions with GitGuardian. I was not privy to the overall contract, but in terms of the base MSRP price, I found it reasonable.
Which other solutions did I evaluate?
We reviewed three or four main secret detection products available. We reviewed GitHub Advanced Security and BluBracket.
What other advice do I have?
To a security colleague at another company who is using an open-source secrets detection solution, I would be happy to recommend GitGuardian. I have been setting up and using the tool. I can happily, personally, and professionally recommend this tool to others.
.svg)
