GitGuardian Internal Monitoring vs GitLab Secret Detection

Understand how GitGuardian Internal Monitoring compares with GitLab Secret Detection, so you can find the best fit for you.

Compare GitGuardian to GitLab Secret Detection

Hey there! If you’re deep in the research process of choosing a new git secrets scanning solution then you’re probably looking to compare GitGuardian with other options to determine whether it might be right for you. To help make this as easy as possible, we’ve put together a detailed overview of how GitGuardian Internal Monitoring stacks up to GitLab’s secret scanning.

Before we dive into the comparison of the main features we first need to acknowledge the difference in business models between GitLab Secret Detection and GitGuardian Internal Monitoring.

The difference in business models

Most of GitLab's Application Security features, including secret scanning, are covered in the GitLab Ultimate license. The bundle includes:

Purchasing a GitLab Ultimate license for Application Security features might be a worthwhile decision if you are looking to deal with a single vendor for multiple security capabilities. There's one caveat, however: you go without the in-depth coverage of best-of-breed solutions. For example, Snyk for open-source dependency scanning and GitGuardian for secret scanning will perform better in their respective areas. Ultimately, it comes down to choosing between the best possible coverage while dealing with multiple vendors, or the convenience of dealing with a single vendor.

As mentioned above, GitLab Ultimate covers different elements of application security. This page will evaluate one feature of the package, Secret Detection.

Now let's dive into how GitLab's Secret Detection, based on the open-source tool GitLeaks (for which we have a dedicated comparison), compares with GitGuardian's Internal Monitoring solution.

Let's compare!

The space is evolving quickly, and we make our best efforts to keep information on our competitors up to date. If you see any information that you consider outdated or unfair to our competitors, please contact us and we will immediately set the record straight!

General capabilities (for the GitGuardian Internal Monitoring product)

Core detection capabilities / supported policies

Supported providers
  GitGuardian: 250+ types of secrets supported, with a high accuracy level provided by the ability to check the validity of some types of keys before raising an alert.
  GitLab Secret Detection: 20 types of secrets, based on the rulesets and key types of the open-source tool GitLeaks.

Generic secrets
  GitGuardian: "Paranoid mode", based on the powerful combination of entropy checks and contextual analysis of the presumed secret.
  GitLab Secret Detection: Supported, with very limited generic prefixes for API keys ("api-"). No contextual analysis, so false-positive prone.

Sensitive file names
  GitGuardian: Sensitive file types raise specific alerts (policy breaks).
  GitLab Secret Detection: Not supported.

Ability to define custom patterns
  GitGuardian: On roadmap (H2 2021).
  GitLab Secret Detection: Yes, through GitLeaks customizable rulesets. Only available with the GitLab Ultimate plan.
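To make the "entropy check plus contextual analysis" distinction in the generic-secrets row concrete, here is an added Python example (not GitGuardian's or GitLab's code) that scores a candidate value by Shannon entropy and then looks at the assignment target name and the "api-" prefix before deciding; the sample lines, name patterns and thresholds are constructed for the illustration.

```python
import math
import re

# Constructed sample lines, not taken from any real repository.
SAMPLE_LINES = [
    'API_TOKEN = "api-Qh7zT2mKp9WxLb4Vn3Rd8Ys0Jc6Fg1Ae5Uu"',  # secret-like name, high entropy
    'commit = "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"',  # sha256("test")
    'api_key = "changeme"',  # secret-like name, but an obvious placeholder
]

ASSIGNMENT = re.compile(r'(?P<name>[A-Za-z_][A-Za-z0-9_]*)\s*[:=]\s*["\'](?P<value>[^"\']{8,})["\']')
SECRET_NAME = re.compile(r'(secret|token|passw|pwd|credential|api[_-]?key)', re.I)
PLACEHOLDERS = {"changeme", "password", "example", "todo", "xxx"}
GENERIC_PREFIXES = ("api-",)  # the kind of generic prefix the comparison mentions

# Illustrative thresholds (assumed, not either product's): hex carries at most
# 4 bits per character, so it gets a lower bar than base64-like strings.
HEX_THRESHOLD, B64_THRESHOLD = 3.0, 4.5


def shannon_entropy(s: str) -> float:
    """Bits per character of s."""
    n = len(s)
    counts = {ch: s.count(ch) for ch in set(s)}
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def classify(line: str):
    """Return a verdict dict for an assignment line, or None if no candidate is found."""
    m = ASSIGNMENT.search(line)
    if not m:
        return None
    name, value = m["name"], m["value"]
    ent = shannon_entropy(value)
    is_hex = re.fullmatch(r"[0-9a-fA-F]+", value) is not None
    high_entropy = ent >= (HEX_THRESHOLD if is_hex else B64_THRESHOLD)
    has_context = bool(SECRET_NAME.search(name)) or value.lower().startswith(GENERIC_PREFIXES)
    if value.lower() in PLACEHOLDERS:
        verdict = "placeholder"
    elif high_entropy and has_context:
        verdict = "likely_secret"
    elif high_entropy:
        verdict = "high_entropy_no_context"  # an entropy-only scanner would alert here
    elif has_context:
        verdict = "low_entropy_with_context"
    else:
        verdict = "ignore"
    return {"name": name, "entropy": round(ent, 2), "context": has_context, "verdict": verdict}


def scan(lines):
    """Classify every line that contains a string assignment."""
    return [r for r in map(classify, lines) if r]
```

Running scan(SAMPLE_LINES) alerts only on the first line; the commit hash has high entropy but no secret-like context, and the placeholder is filtered before entropy is considered.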

Implementation method

GitLab - Instance level
  GitGuardian: Yes, native compatibility.
  GitLab Secret Detection: Yes, with GitLab Runner using the Docker or Kubernetes executor.

GitLab - Project / repo level
  GitGuardian: Yes, native compatibility.
  GitLab Secret Detection: Yes, runs in the GitLab pipeline of a given project and in the MR widget.

Secrets detection API
  GitGuardian: The core detection engine can be used to scan any type of text file (Slack messages, Google Drive documents, Jira tickets, etc.).
  GitLab Secret Detection: No secret detection API.

SDLC stage scanning capabilities

Pre-commit
  GitGuardian: Supported through GitGuardian Shield.
  GitLab Secret Detection: Supported via customization.

Pre-push
  GitGuardian: Supported through GitGuardian Shield.
  GitLab Secret Detection: Supported via customization.

Pre-receive
  GitGuardian: Supported but not recommended, because pre-receive hooks can block developers and create friction.
  GitLab Secret Detection: Supported via customization.

Post-receive
  GitGuardian: Yes, supported natively, with real-time incremental scanning.
  GitLab Secret Detection: Yes, but checks can only be included in your GitLab pipelines.

CI pipeline
  GitGuardian: Natively integrates with GitLab pipelines, in addition to CircleCI, Travis CI, Drone CI and others.
  GitLab Secret Detection: Limited to GitLab pipelines.

Full historical scan
  GitGuardian: Yes, can be launched on demand through the interface.
  GitLab Secret Detection: Yes, can be configured to run as a job within your GitLab pipelines.

Interface and centralization of alerts

Results visualization / output format
  GitGuardian: Rich UI / centralized dashboard for Infosec and GitLab admins.
  GitLab Secret Detection: Results can be displayed in your GitLab Security Dashboard; JSON reports for all vulnerabilities are also available. Only available with the GitLab Ultimate plan.

Infosec team view
  GitGuardian: Rich UI / centralized dashboard for Infosec and GitLab admins.
  GitLab Secret Detection: Results can be displayed in your GitLab Security Dashboard. Only available with the GitLab Ultimate plan.

Developer / engineering view
  GitGuardian: "Developer in the loop" feature (scoped access to the dashboard for developers); GitGuardian is also compatible with GitLab pipelines via gg-shield.
  GitLab Secret Detection: Developers can view the pipeline's Security tab and reports in the merge request widget. Only available with the GitLab Ultimate plan.

RBAC

Roles available
  GitGuardian: Owner / Manager (admin) / Members.
  GitLab Secret Detection: No.

SSO
  GitGuardian: Full compatibility with any SAML 2.0 provider.
  GitLab Secret Detection: Yes.

Alerting

Email
  GitGuardian: Email alert to dashboard members (Infosec team) and commit author.
  GitLab Secret Detection: Yes, but only at the developer level for failed pipelines.

Splunk
  GitGuardian: Native integration.
  GitLab Secret Detection: Not supported.

Slack
  GitGuardian: Native integration.
  GitLab Secret Detection: Not supported.

JIRA
  GitGuardian: Native integration (Q4 2021).
  GitLab Secret Detection: Yes, if the JIRA integration is enabled on the specific project.

Custom webhook to integrate anywhere
  GitGuardian: Available to push alerts (JSON output format).

GitLab Issues
  GitGuardian: Not supported.
  GitLab Secret Detection: Native integration.

Reporting

In-app
  GitGuardian: Yes, rich UI with centralized metrics to assess security posture over time and remediation performance.
  GitLab Secret Detection: Limited, through the security dashboard. Only available with the GitLab Ultimate plan.

Data exporting
  GitGuardian: All data is exportable in .csv (including historical incidents).
  GitLab Secret Detection: Yes, in JSON format.

Collaborative remediation

Collaborative remediation
  GitGuardian: "Developer in the loop" feature allows the Infosec team to collect feedback directly from the developer responsible for an incident, through the dashboard.
  GitLab Secret Detection: Limited collaboration possibilities.

Incident lifecycle management

Whitelisting
  GitGuardian: Yes; ability to mark test keys and whitelist future occurrences of such keys.
  GitLab Secret Detection: Yes.

Grouping / deduplication of alerts
  GitGuardian: Multiple alerts related to the same leaked credential are grouped and can be resolved in a unified manner; triaging and resolving multiple occurrences in bulk is possible.
  GitLab Secret Detection: Not supported.

REST API
  GitGuardian: API to retrieve and update secrets incidents.
  GitLab Secret Detection: Not supported.

Deployment method

Available as SaaS
  GitGuardian: Yes.
  GitLab Secret Detection: Yes.

Available on-prem
  GitGuardian: Yes.
  GitLab Secret Detection: Yes.

Multi-source scanning

VCS
  GitGuardian: Integrates natively with GitLab, in addition to GitHub and Bitbucket.
  GitLab Secret Detection: Yes, limited to GitLab.

Docker image scanning
  GitGuardian: Yes.
  GitLab Secret Detection: Not supported.

Other sources
  GitGuardian: REST API to scan any plain text by leveraging GitGuardian's secrets detection engine.
  GitLab Secret Detection: Not supported.

The short version

Choosing between GitLab Ultimate's Secret Detection and GitGuardian Internal Monitoring comes down to whether you want to deal with one vendor for multiple critical security disciplines, or with multiple vendors that each offer the most extensive coverage in their own discipline.

Which solution to buy will very much depend on your precise requirements and on the tools and solutions you already have in place.

GitLab relies on GitLeaks for secrets detection, and this can put a lot of risk on your business, since it is an open-source project maintained by a single individual and will require a lot of customization. GitGuardian, on the other hand, is a reliable company with a dedicated team maintaining its secrets detection engine and offering high-quality support to its customers.

To find out more and get advice on your specific scenario, please don't hesitate to contact our sales team.

GitGuardian Internal Monitoring is best if:

You want the most comprehensive secret detection coverage across the board

Your organization is currently using different security tools for SAST or detecting vulnerabilities in dependencies, and you’re looking to add secrets detection to your existing tool belt rather than buying a generic code security solution

You want advanced remediation playbooks

You want to empower both security teams and developers

You want a tool to solve the secret sprawl in general and not only in GitLab.


GitLab Ultimate's Secret Detection is best if:

You want to deal with one code security vendor

You want to implement minimum security standards across multiple disciplines
