Automated Secrets Detection & Remediation.
Monitor public or private source code.

GitHub Public Monitoring

Detect secrets leaked publicly on GitHub. Remediate quickly.

Let's talk!

Monitor all GitHub activity, using many different rules to identify activity that is linked with your company, anywhere on the platform.
Pricing is based on the activity that we have linked with your company on the platform.

If you’re looking to monitor public repositories listed under your GitHub Organization, and you aren’t interested in detecting secrets leaked elsewhere on the platform (such as in developers’ personal repositories), good news: you fall under our FREE - OPEN SOURCE ORGANIZATIONS plan of GitGuardian Internal Repositories Monitoring!

Internal Repositories Monitoring

Detect secrets exposed anywhere in your Software Development Life Cycle.

This is Free!

For public repositories listed under a GitHub Organization

Available in SaaS

This is Free!

1 - 25 developers

Available in SaaS

$2000 / month
billed annually

$200 / year per developer
billed annually

26 - 200 developers

Available in SaaS

Available On-Prem

Let's talk!

> 200 developers

Available in SaaS

Available On-Prem

Who counts as a developer?

For Public Monitoring: any publicly active developer who has made at least one public commit somewhere on GitHub. 

For Internal Repos Monitoring: any active contributor to a project you are securing with GitGuardian who has made at least one commit in the last 90 days. 

Are contributors to my Open Source projects counted?

Our Internal Repos Monitoring product is free for repositories hosted under your GitHub Organization.

Our Public Monitoring product is charged based on your number of publicly active developers. Contributors to your Open Source projects aren’t always members of your development teams. We count these contributors only if they are actual employees. In such a case, we monitor these contributors wherever they commit on public GitHub, especially on personal and third-party repositories.

How do I access my on-premise source code management (GitHub Enterprise, GitLab, Bitbucket)?

Our Internal Repos Monitoring is integrated with GitHub, GitLab and Bitbucket. To access your on-premise source code management solution, we recommend using the GitGuardian on-premise version as well. However, we do offer a secrets scanning API that you can use to integrate with any system.

How do GitGuardian Public Monitoring and GitGuardian Internal Repositories Monitoring work together?

These two products are distinct and complementary. They come in the form of two different dashboards. GitGuardian for Public Monitoring is typically used by Threat Response, while GitGuardian for Internal Repos Monitoring is typically used by Application Security.

This greatly depends however on the way responsibilities are split between your teams. In any case, the look and feel of both GitGuardian dashboards are very similar, so that your team members aren’t lost when they use our two products!

I’m not sure which product I need.

Internal Repos Monitoring tightly integrates with repositories that are owned by your company, either public (under your GitHub Organization, if you have any) or private repositories. These repositories are part of your Software Development Life Cycle.

Public Monitoring is more of a Data Loss Prevention or Threat Intelligence solution. It monitors the whole GitHub public activity, using many different rules to pinpoint activity that is linked with your company and that might be a threat. This activity mostly occurs on repositories that you don’t control and you don’t even know exist, such as your developers’ personal repositories. 

How can I get a count of my developers?

For Public Monitoring, the best option that you have is to reach out to us. We use many different rules to identify public activity that is linked with your company. It just takes one email to our support to get your company’s public activity metrics based on our historical data. 

For Internal Repos Monitoring, a developer is an active contributor to a project you are securing with GitGuardian who has made at least one commit in the last 90 days. 

What are the different user roles on GitGuardian?

For Public Monitoring: a user of your GitGuardian dashboard can either be an admin or a member. An admin can manage users, configure integrations and assign incidents to users.

For Internal Repos Monitoring: your GitGuardian dashboard has a mandatory owner, which is by default the first registered user. Other users are either managers or members. Managers are just like owners: they can manage users, configure integrations and assign incidents to users. When self-hosting GitGuardian (on-premise), we have an additional layer of permissions specific to the administration of your GitGuardian instance.

How do you count API calls?

Quota usage is based on requests and not on content amount or size. As an example, the scan of a single file, via the single scan endpoint, and the scan of a commit involving multiple files, via the multiple scan endpoint, both use 1 API call per request.

The quota is set on a rolling-month basis (and not on a calendar month). By default, we grant 1,000 calls/month on our free plans and 10,000 calls/month for our paying customers. Those quotas can be fine-tuned upon request.

What data is leaving my perimeter and going into the GitGuardian cloud? What if I am not allowed to upload anything to the cloud?

For Public Monitoring: the product only scans data that is already publicly available on public GitHub. When data is published to GitHub, it is instantly mirrored in multiple locations that you can’t control. Your most important priorities are to revoke any credentials potentially hardcoded in your source code to prevent malevolent access, then to take down the repository to prevent wider spread. 

For Internal Repos Monitoring: your source code is uploaded to our cloud. If your security constraints don’t allow this, we recommend using our on-premise version. Contact us to learn more.

Do you have discounts for nonprofit institutions or educational institutions?

We do! Please contact us.

Portrait Solomon Hykes - GitHub Co-Founder

Securing your systems starts with securing your software development process. GitGuardian understands this, and they have built a pragmatic solution to an acute security problem. Their credentials monitoring system is a must-have for any serious organization.

Solomon Hykes, Co-founder

Portrait Anne Hardy - CISO Talend

What I have found to be very effective with GitGuardian is that we can analyze the history of Talend-related alerts on the entire GitHub perimeter, whether they are our official public directories or any public directory outside the control of Talend … What we didn’t anticipate was that most of the alerts came from the personal repositories of our developers.

Anne Hardy, CISO

Portrait Yury Koldobanov, Director of IT at Mirantif

GitGuardian is flexible and reacts fast to feedback. I can talk about my specific needs, and see a reaction from the team very quickly. GitGuardian also provides guidance and best practices to help us grasp all details of this aspect of cyber security.

Yury Koldobanov, Director of IT
