ggscout

Change Your Secrets Game

Stop assuming your secrets are safe—make them visible, governed, and secure.

Install ggscout
Read the docs

ggscout

by GitGuardian

ggscout is an external collector that collects secrets metadata from your Secrets Managers and other sources, reconciles it with GitGuardian incidents.

It helps you detect, prioritize, and even push secrets securely into vaults. It never exports plaintext secrets—only hashed fingerprints and metadata.

How to install GitGuardian Scout

binary
binary + docker image
helm chart

Download the binary

To download the binary, please select the appropriate software version.

LinuxOS

Download the binary within a docker image

Use the following command line to deploy GitGuardian Scout on a Docker image.

docker pull gitguardian/nhi-scout/chainguard:latest
Copied

Download the helm chart

Use the following command line to deploy GitGuardian Scout on a Docker image.

helm install nhi-collector [url to download]
Copied

Then install the scout, with a value file:

docker pull gitguardian/nhi-scout--install--value...
Copied

Unifying Secrets.
From Inventory to Impact.

Vault-wide intelligence

Scan rich metadata on every secret (direct path, TTL, rotation time, creation date). All hashed locally. No plaintext secrets ever leave your environment.

Learn how hashing works
End to end map for all secrets

Track vaulted and unvaulted secrets across environments. Unify them into one complete inventory—ideal for remediation, policy audits, and compliance.

See Secrets Map in action
Contextual prioritization

ggscout correlates secrets in vaults and other sources with exposed credentials found elsewhere. Cut through noise. Resolve what’s critical.

How detection works

ggscout integrates with your stack to surface and secure secrets where they live.

Integrations That Go Deep

read/write

Secrets Managers

HashiCorp Vault
AWS Secrets Manager
Azure Key Vault
Google Secret Manager
CyberArk Conjur Cloud
Akeyless
Delinea Secret Server
Learn how hashing works
read-only

CI/CD Systems

GitLab CI
More integrations coming soon
read-only

Infrastructure Sources

Kubernetes

K8s Secrets, ConfigMaps, Deployments, and Service Accounts

More integrations coming soon

Get zero trust secrets intelligence

that never exposes plaintext values outside your environment.

Install ggscout
Read the docs

Resources

The State of Secrets Sprawl

GitGuardian’s annual report on the number of secrets that leaked on public GitHub and their impact on code security.

Introducing ggscout

Change your Secrets Game with ggscout, your secrets manager's manager.  Secure your vaults, prevent leaks, and achieve proactive secrets governance.

Enterprise Buyer’s Guide for Secrets Detection

We look at the essential capabilities and features to take into account when choosing a secrets detection solution.

Can ggscout write to my vaults?

Yes, optionally. You can enable "push to vault" mode to help developers remediate and re-vault exposed secrets.

Can we audit what ggscout sends?

Yes. You can run a fetch-only mode to generate a JSON report locally for audit or compliance review.

Can I use ggscout for free?

Yes, ggscout is free under certain circumstances (e.g., in a free plan or for testing without an enterprise license).

Is ggscout open-source?

It's not fully open source yet, but GitGuardian aims for it. Currently, the code source is shared with customers upon request

GitGuardian leads the way in Non-Human Identity security, offering end-to-end solutions from secrets detection in code, productivity tools and environments to strong remediation, observability and proactive prevention of leaks.

Subscribe to our newsletter to receive the latest content and updates from GitGuardian.

By submitting this form, I agree to GitGuardian’s Privacy Policy

Thank you! Your subscription has been registered!
Oops! Something went wrong while submitting the form.
SOC2 Compliance BadgeAWS Partner logo

© %copyright-year% GitGuardian. All Rights Reserved.

LegalPrivacy PolicyPublic Security PolicyCookies