Individual developers & teams of 25 members or fewer.
Free forever
For teams up to 200 developers.
$25 per contributing dev/month
($7800 billed annually)
26 developers
Your organization has more than 200 developers.
Custom
Application source code, Infrastructure-as-Code, Docker images
Developer workstations (git hooks)
CI environments
VCS (GitHub, GitHub Enterprise, GitLab, Bitbucket, Azure DevOps)
Pull requests (GitHub only)
Specific detectors (350+)
Generic detectors (10+)
Custom detectors
Validity and presence checks (periodicity)
Slack
Discord
PagerDuty
Splunk
Event-driven webhooks
Severity assignment
Developer-in-the-loop (feedback and resolution)
Playbooks / automated remediation workflows
Source detection of honeytokens
Code leakage detection on public GitHub
IP tagging
REST API and CLI for secrets detection
REST API for incident management
Service accounts
Quota and rate limits
SSO login with SAML 2.0 support
RBAC with roles
RBAC with teams
Audit logs
On-prem
Customer Support
Onboarding program
Do you have more than 200 developers? Let’s get you on our enterprise onboarding program. We’ll help you build and roll out the most comprehensive secrets detection and remediation program.
Get support from a dedicated team of SREs for on-premise deployments
Design a phased rollout program with the help of our Solutions Engineering team
Train security and dev teams on vulnerability management and remediation
Boost your supply chain security at an affordable price. Reduce your attack surface and detect early intrusions.
Discover your developers’ footprint on public GitHub and map your attack surface
Monitor your perimeter in real-time for exposed secrets and other sensitive data
Invite developers to contribute to investigations and remediate incidents
Schedule a 30-minute demo and get a complimentary report with your organization’s live incidents on GitHub.
The GitGuardian platform integrates tightly with repositories that are owned by your company, whether public (under your GitHub Organization, if you have one) or private. These repositories are part of your Software Development Life Cycle.
Public Monitoring is more of a Data Loss Prevention or Threat Intelligence solution. It monitors the whole GitHub public activity, using many different rules to pinpoint activity that is linked with your company and that might be a threat. This activity mostly occurs on repositories that you don’t control and you don’t even know exist, such as your developers’ personal repositories.
Secrets Detection and Honeytoken work together seamlessly as a comprehensive bundle to fortify your software supply chain security:
Enhanced Coverage: The bundle combines Secrets Detection and active intrusion detection through Honeytoken, offering a comprehensive shield against secrets exposure and unauthorized access within your supply chain.
Source Detection: Within monitored repositories, the bundle provides detailed source and file information for each deployed honeytoken, ensuring thorough coverage and precise tracking.
Minimized False Alerts: The Secrets Detection engine automatically identifies generated honeytokens, preventing unnecessary alerts in the dashboard and optimizing your security response.
Developer Security: Designed for security teams and developers, the bundle emphasizes a shift-left mindset. GitGuardian CLI enables developers to create honeytokens and address secrets directly in the code, promoting proactive security measures.
In conclusion, Secrets Detection and Honeytoken provide proactive, layered defense, from uncovering exposed secrets to real-time intrusion detection, fostering a resilient and collaborative supply chain security posture.
These two products are distinct and complementary. They come in the form of two different dashboards. GitGuardian for Public Monitoring is typically used by Threat Response, while GitGuardian for GitGuardian platform is typically used by Application Security.
However, this depends greatly on how responsibilities are split between your teams. In any case, the look and feel of both GitGuardian dashboards are very similar, so your team members aren’t lost when they use both products!
For Public Monitoring: any publicly active developer who has made at least one public commit somewhere on GitHub.
For GitGuardian platform: any active contributor to a project you are securing with GitGuardian who has made at least one commit in the last 90 days.
For Public Monitoring, the best option that you have is to reach out to us. We use many different rules to identify public activity that is linked with your company. It just takes one email to our support to get your company’s public activity metrics based on our historical data.
For GitGuardian platform, a developer is an active contributor to a project you are securing with GitGuardian who has made at least one commit in the last 90 days.
Our GitGuardian platform product is free for repositories hosted under your GitHub Organization.
Our Public Monitoring product is charged based on your number of publicly active developers. Contributors to your Open Source projects aren’t always members of your development teams. We count these contributors only if they are actual employees. In such a case, we monitor these contributors wherever they commit on public GitHub, especially on personal and third-party repositories.
Quota usage is based on requests, not on the amount or size of content. For example, the scan of a single file via the single scan endpoint and the scan of a commit involving multiple files via the multiple scan endpoint each use 1 API call per request.
The quota is set on a rolling-month basis (not per calendar month). By default, we grant 1,000 calls/month on our free plans and 10,000 calls/month for our paying customers. Those quotas can be fine-tuned upon request.
We do! Please contact us.