Security Architect/ THREAT INTELLIGENCE ANALYST/ SIEM engineer
Monitor your footprint on public GitHub and analyze both historical and real-time incidents. Use the right threat intelligence solution to prevent source code and secrets leaks.
Most DLPs would put the burden of defining the perimeter on us. GitGuardian is different, it takes care of all the hard work. We now have full visibility over what’s happening on public GitHub and with real-time alerting, we can take action before it’s too late.
What I have found to be very effective with GitGuardian is that we can analyze the history of Talend-related alerts on the entire GitHub perimeter, whether they are our official repositories or any public directory outside the control of Talend. What was very interesting and what we didn't anticipate was that most of the leaked secrets came from the personal code repositories of our developers.
One thing I really like about it is the fact that we can add search words or specific payloads inside the tool, and GitGuardian will look into GitHub and alert us if any of these words is found in a repository... With this capability in the tool, we have good surveillance over our potential blind spots.
(90% of Fortune 100 companies)
Even if your company doesn't use GitHub, developers may use it for their side projects. It's easy to push sensitive data to a personal project. Sometimes developers are inexperienced, other times, it's a test that was overlooked, and sometimes they just forget that the repository is public.It's also highly likely that subcontractors copy and paste code more often than anyone else. And even if sensitive information is removed from the actual version of the source code, the entire git history is still accessible to everyone.
Most developers use the same GitHub account for personal and professional projects, occasionally mixing the repositories. 80% of corporate leaks on public GitHub occur on developers’ personal repositories. You have no authority to enforce any preventive security measures here. Leaks also happen in the repositories of your subcontractors. It's a blind spot as these accounts are not accessible to you by default.
A large number of alerts turn out to be false positives. The time and effort required to process all of this data are considerable. Additionally, working on time-consuming, repetitive alerts day after day can be exhausting. Moreover, it is difficult to discern what deserves attention and follow-up from what does not because of the enormous number of false positives.
It's common for crucial information that you need to handle an incident to either not be communicated at all or to be unstructured, which makes further investigation and analysis challenging.
The State of Secrets Sprawl 2023
Unlock our findings from extensive research on public GitHub. We have been scanning every contribution and event on public repositories since 2017 to uncover every secret and a ton of sensitive data. We continuously train our algorithms and detectors on a dataset of 3 billion commits producing alerts with the highest fidelity and precision.
Our SaaS solution monitors both your company's official open-source repositories and the personal repos of the developers that work for you.
We can help you find your active GitHub developers by defining a dynamic surveillance perimeter with our unique identity stitching technique.
GitGuardian creates a perimeter based on your active developers and GitHub organizations while allowing manual addition of private members.
Enrich your perimeter with keywords specific to your company, like internal project names, internal URLs, or a reserved IP address range.
Former developers can also reveal secrets. They are restricted to the perimeter for a maximum of two years after their last commit.
Every time one of the developers inside your perimeter commits a secret, we detect it in minutes and immediately notify you.
GitGuardian's R&D team has created the best library of automated secrets detectors, which are tested on every commit from GitHub's public activity.
Detects over 350 types of specific and generic secrets, including private keys, certificates, JWTs, and also supports custom regex patterns.
Specific detectors have a 91% True Positive Rate, while generic detectors offer an 80% True Positive Rate.
More than 40% of detectors have built-in validity checks and perform contextual code analysis to filter out potential false positives.
Check historical incidents within your perimeter and monitor in real-time all public GitHub changes.
GitGuardian collects all occurrences of secrets being exposed across multiple files and repositories into a single incident.
We provide centralized coordination, collaboration, and management for forensic analysis along with prioritized, relevant, and actionable alerts for incident response.
If alerted about a leak, check if the developer is still with your company and send them a form to assess impact and prioritize the incident.
Remediate incidents quickly using filters such as type, severity, location, recency, validity, and presence on public GitHub, etc.
Save time when assigning severity levels. Choose from a set of templated severity rules or build your own custom severity rules.
Close past credentials. Remember how Toyota suffered a data breach by exposing a secret key publicly on GitHub for nearly 5 years? Read the blog
Manage incidents programmatically with automation capabilities through a REST API.
Use Explore – the search engine by GitGuardian – for offensive security on GitHub.
Search more than 12 billion files (approx. 5 years of GitHub history is available).
Find unsanctioned corporate sensitive data on public GitHub (IP addresses, machine IDs, project code names, proprietary licenses).
Schedule periodic queries and run GitGuardian’s secrets detection engine on top of the results.
Get clean and actionable insights within the product with our analytics dashboards highlighting the most important metrics about your incidents.
Want to know if your company’s secrets are on public GitHub?
Get a complimentary audit of your potential secret leaks (API keys, passwords, certificates) now.
GitGuardian natively supports several SIEM, including PagerDuty, Splunk, and Sumo Logic. If you need to create your integration or workflow, we also support custom webhooks. Send notifications to Slack and Microsoft Teams channels to inform other team members.
If you're concerned about intruders infiltrating your supply chain, then our Honeytoken technology is the solution for you. You can create, manage, and monitor honeytokens that trigger alerts when they're accessed, allowing you to be the first to know of any breaches. By being alerted quickly, you can reduce your Mean-Time-To-Detect to mere minutes.
When a honeytoken is triggered, we provide you with relevant information to help investigate the potential breach thoroughly. Our guidelines help you respond accordingly and safeguard your supply chain like never before.Explore Honeytoken