DevSecOps Blueprint: from Vulnerability Management and Security-by-Design to Pipeline Integrity

GitGuardian Pricing

Free (Starter)
For individuals or teams of up to 25 developers
$0, always; no credit card required
Includes:
  5 honeytokens
  Up to 25 developers
  Unlimited real-time scanning
  Historical scan: up to 500 detections

Business (Teams)
Recommended for teams of up to 200 developers
$220 per developer per year (free trial available; add-ons available)
Everything in the Free plan, plus:
  Up to 20 teams
  Unlimited contributing developers
  Remediation playbooks
  Scanning of developer collaboration tools

Enterprise
Recommended for teams of 200+ developers
Custom pricing (contact sales)
Everything in the Business plan, plus:
  Self-hosted deployment
  Unlimited teams
  Unlimited API calls
  Git repository scanning up to 60 GB
  Unlimited custom detectors
  Dedicated support channel
Number 1 security app on the GitHub Marketplace. Trusted by security leaders at the world's largest companies.

All GitGuardian Products

Feature comparison by plan (++ = included, -- = not available).

Secrets Detection

Feature | Free | Business | Enterprise
Sources
  Application source code, Docker images | ++ | ++ | ++
  Git repositories, maximum scanning size | 1 GB | 12 GB | 60 GB
  Scan developer collaboration tools | -- | Ticketing, documentation, messaging, container registries | Ticketing, documentation, messaging, container registries
  Historical scan | 500 | Unlimited | Unlimited
SDLC stages
  Multi-VCS support (GitHub, Azure Repos, GitLab, Bitbucket) | ++ | ++ | ++
  GitHub Enterprise Server | -- | ++ | ++
  Developer workstation scan (Git hooks) | ++ | ++ | ++
  Pull requests (GitHub only) | ++ | ++ | ++
Detection
  Specific detectors (%ndet%+) | ++ | ++ | ++
  Generic detectors (%ngdet%+) | ++ | ++ | ++
  Custom detectors (regex-based) | -- | ++ (1 detector included) | ++ (unlimited detectors)
  Validity and presence checks (periodicity) | Low frequency | High frequency | High frequency
Remediation
  Automated severity scoring (context-based) | -- | ++ (built-in rules only) | ++ (built-in and custom)
  Developer-in-the-loop (feedback and resolution) | ++ | ++ | ++
  Remediation playbooks | ++ (some playbooks only) | ++ | ++
  Remediation guidelines for developers | ++ (default and custom) | ++ (default and custom) | ++ (default and custom)
Prevention
  GitGuardian CLI ggshield (in pre-commit hooks) | ++ | ++ | ++

Honeytoken

Feature | Free | Business | Enterprise
Honeytokens
  Included for free | 5 honeytokens | 5 honeytokens | 5 honeytokens
  Type | AWS IAM secrets | AWS IAM secrets | AWS IAM secrets
  Add-on quota | -- | 10 per developer | Custom
Deployment
  Automated detection in source code | ++ | ++ | ++
  Perimeter coverage tracking | ++ | ++ | ++
  Inventory management (with key/value labels) | ++ | ++ | ++
  Deployment jobs | -- | ++ | ++
Monitoring
  Leakage detection on public sources (GitHub) | ++ | ++ | ++
  IP labeling | ++ | ++ | ++
Incident response
  Enriched event stream (e.g., user agent, action, IP address, tags) | ++ | ++ | ++

Platform

Feature | Free | Business | Enterprise
Deployment
  SaaS | ++ | ++ | ++
  Data center regions | US | US / Europe | US / Europe
  Self-hosted (KOTS or Helm chart) | -- | -- | ++ (starting at 200 developers)
Administration
  SSO login with SAML 2.0 support | -- | ++ | ++
  Teams | -- | Up to 20 teams | Unlimited
  Custom roles (coming soon) | -- | ++ (up to 3 roles) | ++ (unlimited)
  IP allowlisting | ++ | ++ | ++
Alerting & ticketing
  Native integrations for Slack, Discord, PagerDuty and Splunk alerts | ++ (workspace-level) | ++ (team-level) | ++ (team-level)
  Jira integration | ++ | ++ | ++
  Event-driven webhooks | ++ | ++ | ++
Analytics & reporting
  Analytics dashboard | ++ | ++ | ++
  Export (.csv format) | -- | ++ | ++
API & developer tools
  REST API for workspace and incident management | ++ | ++ | ++
  GitGuardian CLI for developers (ggshield) | ++ | ++ | ++
  API quota | 10,000 calls/month | 1M calls/month | Unlimited
Other
  Audit logs (UI) | ++ | ++ | ++
  Audit logs (API) | ++ | ++ (12-month retention) | ++ (unlimited retention)
Support
  Onboarding program | Self-service resources (docs, guides) | ++ | ++
  Customer support | Ticket portal | Ticket portal | Ticket portal and live support
  Support availability | N/A | Next business day | During business hours
  Premium support | -- | -- | Add-on

Public Monitoring (add-on; available on the Enterprise plan only, not on Free or Business)

Monitored perimeter
  Official open-source repositories
  Public personal repositories of developers and subcontractors
  Regular updates of this perimeter
Detection
  Real-time monitoring of GitHub repositories
  Scan of 6 years of past contributions (even if deleted or made private)
  Specific and generic secrets detection
  Keyword detection specific to your organization
  Built-in validity and presence checks
  Advanced contextual analysis that improves precision and recall
  Post-detection insights
  Audit logs
Real-time alerting
  Notifications via configured channels (Jira, Slack, etc.)
  Alerts on events (severity updates, notes, etc.)
  Emails for new incidents, public events, etc.
Threat hunting
  Search public GitHub with regex and full-text queries, and scan the results for secrets
Deployment
  SaaS
Authn/Authz
  SSO login with SAML 2.0
  Roles and permissions
API
  REST API for programmatic, at-scale incident lifecycle management; custom webhooks
Support
  Onboarding program with dynamic attack surface mapping
  Account management and customer success support
  Ticket portal and live support

Enterprise AppSec is challenging

Have more than 500 developers? Let's get you onto our enterprise onboarding program (available for the GitGuardian platform only).

Premium Support: build and roll out the most comprehensive secrets detection and remediation program.
  Get support from a dedicated team of SREs for on-premise deployments
  Design a phased rollout program with the help of our Solutions Engineering team
  Train security and dev teams on vulnerability management and remediation

Talk to an expert: schedule a 30-minute demo and get a complimentary report with your organization's live incidents on GitHub.

I’m not sure which product I need.

The GitGuardian platform integrates tightly with repositories owned by your company, whether public (under your GitHub Organization, if you have one) or private. These repositories are part of your software development life cycle.

Public Monitoring is closer to a Data Loss Prevention or Threat Intelligence solution. It monitors all public GitHub activity, using many different rules to pinpoint activity linked to your company that might be a threat. This activity mostly occurs on repositories you don't control and may not even know exist, such as your developers' personal repositories.

Can I purchase licenses for GitGuardian Platform and Public Monitoring on AWS Marketplace?

Only GitGuardian Platform licenses can be acquired via AWS Marketplace. Please visit https://aws.amazon.com/marketplace to learn more.

If you are a large organization looking to acquire several hundred licenses, you can also request a private offer from the GitGuardian team. Please contact sales@gitguardian.com.

How do GitGuardian Public Monitoring and GitGuardian Secrets Detection work together?

These two products are distinct and complementary. They come in the form of two different dashboards. GitGuardian for Public Monitoring is typically used by Threat Response, while GitGuardian platform is typically used by Application Security.

This greatly depends however on the way responsibilities are split between your teams. In any case, the look and feel of both GitGuardian dashboards are very similar, so that your team members aren’t lost when they use both products!

Who counts as a developer?

For Public Monitoring: any publicly active developer who has made at least one public commit somewhere on GitHub.

For GitGuardian platform: any active contributor to a project you are securing with GitGuardian who has made at least one commit in the last 90 days.

How can I get a count of my developers?

For Public Monitoring, the best option that you have is to reach out to us. We use many different rules to identify public activity that is linked with your company. It just takes one email to our support to get your company’s public activity metrics based on our historical data.

For GitGuardian platform, a developer is an active contributor to a project you are securing with GitGuardian who has made at least one commit in the last 90 days.
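The two answers above define a platform developer as anyone with at least one commit in the last 90 days across the projects you secure. The script below is an added example, not GitGuardian's own tooling, for estimating that number yourself before buying licences. It assumes you have captured `git log --all --format=%H%x09%ae%x09%aI` from each repository; the log lines embedded in it are constructed sample data, and NOW is a fixed reference date so the result is reproducible.

```python
"""Count active developers as the page defines them: at least one commit in
the last 90 days, deduplicated by author e-mail across every repository.

Added example, not GitGuardian's own code. Assumes `git log` output in the
format GIT_LOG_CMD below; SAMPLE_LOGS and NOW are constructed test data.
"""
from __future__ import annotations

from datetime import datetime, timedelta, timezone
from typing import Dict, Set

# Command to capture per repository: commit hash, author e-mail, ISO-8601 author date.
GIT_LOG_CMD = ["git", "log", "--all", "--format=%H%x09%ae%x09%aI"]
WINDOW_DAYS = 90

# Fixed reference date for the sample (constructed); use datetime.now(timezone.utc) in practice.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

# Constructed sample output of GIT_LOG_CMD for two repositories (hashes are fake).
SAMPLE_LOGS: Dict[str, str] = {
    "payments": "\n".join([
        "a1f0c3\talice@example.com\t2024-05-20T09:00:00+00:00",
        "b7e2d9\tAlice@Example.com\t2024-05-21T09:00:00+02:00",  # same person, different case
        "c4d8a1\tbob@example.com\t2024-02-01T09:00:00+00:00",    # older than 90 days
    ]),
    "infra": "\n".join([
        "d9b3f7\tcarol@example.com\t2024-03-10T09:00:00+00:00",  # inside the window
        "e2c6a4\tbob@example.com\t2024-03-02T09:00:00+00:00",    # one day before the cutoff
        "f5a1e8\tdave@contractor.io\t2024-05-30T23:59:00-05:00",
        "",                                                       # trailing blank line
    ]),
}


def active_authors(log_text: str, now: datetime = NOW, window_days: int = WINDOW_DAYS) -> Set[str]:
    """Return lower-cased author e-mails with at least one commit at or after now - window_days."""
    cutoff = now - timedelta(days=window_days)
    authors: Set[str] = set()
    for line in log_text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3:
            continue  # blank or malformed line: skip it rather than miscount
        _sha, email, iso_date = parts
        committed = datetime.fromisoformat(iso_date)
        if committed.tzinfo is None:  # %aI always carries an offset; guard anyway
            committed = committed.replace(tzinfo=timezone.utc)
        if committed >= cutoff:
            authors.add(email.strip().lower())
    return authors


def count_developers(logs_by_repo: Dict[str, str], now: datetime = NOW, window_days: int = WINDOW_DAYS) -> int:
    """Distinct active developers across all repositories; a person in two repos counts once."""
    seen: Set[str] = set()
    for log_text in logs_by_repo.values():
        seen |= active_authors(log_text, now, window_days)
    return len(seen)


if __name__ == "__main__":
    print(count_developers(SAMPLE_LOGS))  # 3: alice, carol, dave (bob's last commit is older than 90 days)
```

Two caveats when running this against real repositories: a person who commits under several e-mail addresses is counted once per address unless you normalise them (a `.mailmap` file or `%aE` in the format string helps), and bot accounts such as dependency updaters should be filtered out before counting.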

Are contributors to my Open Source projects counted?

Our GitGuardian platform product is free for repositories hosted under your GitHub Organization.

Our Public Monitoring product is charged based on your number of publicly active developers. Contributors to your Open Source projects aren't always members of your development teams, so we count these contributors only if they are actual employees. In that case, we monitor them wherever they commit on public GitHub, especially on personal and third-party repositories.

How do you count API calls?

Quota usage is based on the number of requests, not on the amount or size of content scanned. For example, scanning a single file via the single-scan endpoint and scanning a commit involving multiple files via the multi-scan endpoint each use one API call per request.

The quota is set on a rolling-month basis (not a calendar month). By default, we grant 10,000 calls/month on our free plans and 1M calls/month for customers on the Business plan. These quotas can be fine-tuned upon request.
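Because a request costs one call whatever it contains, the cheapest way to scan many files is to pack them into multi-scan requests. The client below is an added example, not GitGuardian's own code. The page only states the per-request rule; the endpoint paths (/v1/scan and /v1/multiscan), the cap of 20 documents per multi-scan request and the `Authorization: Token <key>` header mentioned in the usage note are assumptions taken from the public API documentation and should be checked against the current reference. The transport is a constructed fake so the example runs offline.

```python
"""Spend as few API calls as possible: quota counts requests, not content.

Added example, not GitGuardian's own client. API_BASE, the endpoint paths and
MULTISCAN_MAX_DOCS are assumptions to verify against the current API reference;
FakeTransport is a constructed stand-in for an HTTP client.
"""
from __future__ import annotations

from typing import Any, Callable, Dict, List, Tuple

API_BASE = "https://api.gitguardian.com"  # assumption
MULTISCAN_MAX_DOCS = 20                   # assumption: documents allowed per multi-scan request

Document = Dict[str, str]                 # {"filename": ..., "document": ...}
Transport = Callable[[str, Any], Any]     # post(url, json_body) -> parsed JSON response


def requests_needed(n_files: int, cap: int = MULTISCAN_MAX_DOCS) -> int:
    """Calls consumed when batching: 0 for nothing, 1 for a single file, otherwise ceil(n / cap)."""
    if n_files <= 1:
        return n_files
    return -(-n_files // cap)  # ceiling division without floats


def scan_files(files: Dict[str, str], post: Transport, cap: int = MULTISCAN_MAX_DOCS) -> Tuple[List[Any], int]:
    """Scan every file and return (per-document results, number of API calls used)."""
    docs: List[Document] = [{"filename": name, "document": content} for name, content in files.items()]
    results: List[Any] = []
    calls = 0
    if len(docs) == 1:
        # A lone file goes through the single-scan endpoint: 1 call.
        results.append(post(f"{API_BASE}/v1/scan", docs[0]))
        calls += 1
    else:
        # Several files: up to `cap` documents per multi-scan request; each request is 1 call.
        for start in range(0, len(docs), cap):
            results.extend(post(f"{API_BASE}/v1/multiscan", docs[start:start + cap]))
            calls += 1
    return results, calls


class FakeTransport:
    """Constructed stand-in for an HTTP client: records each request and returns empty findings."""

    def __init__(self) -> None:
        self.requests: List[Tuple[str, Any]] = []

    def __call__(self, url: str, body: Any) -> Any:
        self.requests.append((url, body))
        if url.endswith("/v1/multiscan"):
            # The multi-scan endpoint takes a list of documents and answers with one result per document.
            assert isinstance(body, list) and 1 <= len(body) <= MULTISCAN_MAX_DOCS
            return [{"policy_break_count": 0} for _ in body]
        assert isinstance(body, dict)  # the single-scan endpoint takes one document object
        return {"policy_break_count": 0}


if __name__ == "__main__":
    fake = FakeTransport()
    sample = {f"src/file{i}.py": f"print({i})\n" for i in range(45)}  # constructed input
    _, used = scan_files(sample, fake)
    print(f"45 files: {used} calls batched, {len(sample)} calls one by one")  # 3 vs 45
```

In production, pass a real transport such as `lambda url, body: requests.post(url, json=body, headers={"Authorization": f"Token {api_key}"}, timeout=30).json()` (header scheme assumed, see the lead-in), and keep the per-request document cap and any payload-size limit in sync with the current API reference, since exceeding either turns a one-call batch into a rejected request.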

Do you have discounts for nonprofit institutions or educational institutions?

We do! Please contact us.