DevSecOps Blueprint: from Vulnerability Management and Security-by-Design to Pipeline Integrity


Security Architect / Threat Intelligence Analyst / SIEM Engineer

GitGuardian for SecOps Analysts

Monitor your footprint on public GitHub and analyze both historical and real-time incidents. Use the right threat intelligence solution to prevent source code and secrets leaks.

Organizations we protect

Find out why GitGuardian is the no.1 security app on GitHub Marketplace

Like many software companies, Mirantis is concerned about leaking keys

Most DLPs would put the burden of defining the perimeter on us. GitGuardian is different, it takes care of all the hard work. We now have full visibility over what’s happening on public GitHub and with real-time alerting, we can take action before it’s too late.

Human error exists, but the key is to be alerted and be able to take appropriate action when a leak is found

What I have found to be very effective with GitGuardian is that we can analyze the history of Talend-related alerts on the entire GitHub perimeter, whether they are our official repositories or any public directory outside the control of Talend. What was very interesting and what we didn't anticipate was that most of the leaked secrets came from the personal code repositories of our developers.

Detects and alerts us about leaks quickly, and enables us to filter and prioritize occurrences.

One thing I really like about it is the fact that we can add search words or specific payloads inside the tool, and GitGuardian will look into GitHub and alert us if any of these words is found in a repository... With this capability in the tool, we have good surveillance over our potential blind spots.


The world builds software on GitHub

90M+

developer accounts

300M+

hosted repositories

4M+

active organizations

(90% of Fortune 100 companies)

Untangling the web of secrets on public GitHub is difficult

Security Lifecycle
  • Corporate credentials leak on public GitHub

    Even if your company doesn't use GitHub, developers may use it for their side projects, and it's easy to push sensitive data to a personal project. Sometimes developers are inexperienced, sometimes a test file was overlooked, and sometimes they simply forget that the repository is public. Subcontractors are also likely to copy and paste code more often than anyone else. And even if the sensitive information is removed from the current version of the source code, the entire git history remains accessible to everyone.

  • Limited visibility into secrets exposure

    Most developers use the same GitHub account for personal and professional projects and occasionally mix the repositories. 80% of corporate leaks on public GitHub occur in developers' personal repositories, where you have no authority to enforce preventive security measures. Leaks also happen in your subcontractors' repositories. These accounts are a blind spot because you have no access to them by default.

  • Numerous tools mean numerous alerts

    A large share of alerts turn out to be false positives, and the time and effort needed to process them all are considerable. Working through repetitive alerts day after day is exhausting, and the sheer volume of false positives makes it hard to discern what deserves attention and follow-up from what does not.

  • Unstructured communication of secrets incidents

    It's common for crucial information that you need to handle an incident to either not be communicated at all or to be unstructured, which makes further investigation and analysis challenging.
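The first point above, that deleting a secret from the current revision does not remove it from git history, is easy to verify against your own repositories. The script below is an added example, not GitGuardian's code: it builds a throwaway repository, commits a constructed placeholder key, "removes" it in a second commit, and then shows that the HEAD tree looks clean while git's pickaxe search (`-S`) still returns both commits and the original line. It assumes only that a `git` binary is on PATH.

```python
"""Added example, not GitGuardian's code: deleting a secret from the current
revision does not remove it from git history. The repository and the key are
constructed here (the key is a placeholder, not a real credential); the only
requirement is a `git` binary on PATH."""
import subprocess
import tempfile
from pathlib import Path
from typing import List

PLACEHOLDER_KEY = "example_key_0123456789abcdef"  # constructed placeholder, not a real secret


def git(repo: Path, *args: str) -> str:
    """Run one git command inside `repo` and return its stdout (raises on failure)."""
    done = subprocess.run(["git", "-C", str(repo), *args],
                          capture_output=True, text=True, check=True)
    return done.stdout


def make_sample_repo() -> Path:
    """Commit a config file containing the key, then 'clean up' by deleting it."""
    repo = Path(tempfile.mkdtemp())
    git(repo, "init", "-q")
    git(repo, "config", "user.email", "dev@example.com")
    git(repo, "config", "user.name", "dev")
    (repo / "config.env").write_text(f"API_KEY={PLACEHOLDER_KEY}\n")
    git(repo, "add", "config.env")
    git(repo, "commit", "-q", "-m", "add config")
    git(repo, "rm", "-q", "config.env")
    git(repo, "commit", "-q", "-m", "remove secret from config")
    return repo


def files_at_head_containing(repo: Path, needle: str) -> List[str]:
    """Paths in the HEAD tree containing `needle`: what a visitor browsing the repo sees."""
    done = subprocess.run(["git", "-C", str(repo), "grep", "-l", needle, "HEAD"],
                          capture_output=True, text=True)
    # git grep exits 1 when nothing matches, which is the expected 'clean' outcome here.
    return [line.split(":", 1)[1] for line in done.stdout.splitlines()]


def commits_touching(repo: Path, needle: str) -> List[str]:
    """Commits on any ref whose diff added or removed `needle` (git's pickaxe search)."""
    return git(repo, "log", "--all", "--format=%H %s", f"-S{needle}").splitlines()


def recover_from_history(repo: Path, needle: str) -> List[str]:
    """The lines that introduced `needle`, read back from the historical diffs."""
    patches = git(repo, "log", "--all", "-p", "--format=", f"-S{needle}")
    return [line[1:] for line in patches.splitlines()
            if line.startswith("+") and needle in line]


if __name__ == "__main__":
    repo = make_sample_repo()
    print("HEAD files with key:", files_at_head_containing(repo, PLACEHOLDER_KEY))
    print("commits touching key:", commits_touching(repo, PLACEHOLDER_KEY))
    print("recovered from history:", recover_from_history(repo, PLACEHOLDER_KEY))
```

The practical consequence: once a secret has been pushed to a public repository, treat it as compromised and revoke it; rewriting or deleting history after the fact does not help, because clones, forks and scanners already have the commit.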

Featured report:

The State of Secrets Sprawl 2024

Unlock our findings from extensive research on public GitHub. We have been scanning every contribution and event on public repositories since 2017 to uncover every secret and a large volume of other sensitive data. We continuously train our algorithms and detectors on a dataset of %dscb% billion commits, producing alerts with the highest fidelity and precision.

Download now

Enter GitGuardian Public Monitoring

Our SaaS solution monitors both your company's official open-source repositories and the personal repos of the developers that work for you.

Monitor

Map your attack surface on public GitHub and monitor it 24/7.

We can help you find your active GitHub developers by defining a dynamic surveillance perimeter with our unique identity stitching technique.

  • GitGuardian creates a perimeter based on your active developers and GitHub organizations while allowing manual addition of private members.

  • Enrich your perimeter with keywords specific to your company, like internal project names, internal URLs, or a reserved IP address range.

  • Former developers can also reveal secrets, so they are kept in the perimeter for up to two years after their last commit.

  • Every time one of the developers inside your perimeter commits a secret, we detect it in minutes and immediately notify you.

Detect

The secrets detection engine of GitGuardian is unique.

GitGuardian's R&D team has created the best library of automated secrets detectors, which are tested on every commit from GitHub's public activity.

  • Detects over %ndet% types of specific and generic secrets, including private keys, certificates, JWTs, and also supports custom regex patterns.

  • Specific detectors have a %sdtpr%% True Positive Rate, while generic detectors offer an %gdtpr%% True Positive Rate.

  • More than 40% of detectors have built-in validity checks and perform contextual code analysis to filter out potential false positives.

  • Check historical incidents within your perimeter and monitor in real-time all public GitHub changes.

  • GitGuardian collects all occurrences of secrets being exposed across multiple files and repositories into a single incident.
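The distinction drawn above between specific detectors (a fixed, documented credential format) and generic detectors (anything that looks like a credential assignment), and the contextual filtering that keeps the generic ones usable, is easier to see in code. The following miniature scanner is an added example written for this page; it is not GitGuardian's engine and makes no claim about its detectors. All sample lines are constructed, every key value is fake (AKIAIOSFODNN7EXAMPLE is the placeholder from AWS's own documentation), and the placeholder markers and entropy threshold are illustrative heuristics chosen here.

```python
"""Added example, not GitGuardian's engine: a miniature secrets scanner showing
specific detectors (fixed provider formats) next to a generic detector
(credential-looking assignments), plus two contextual filters that drop likely
false positives. Sample lines and all key values are constructed."""
import math
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Specific detectors: documented credential formats with an unambiguous prefix,
# so a match is rarely accidental. (The AWS pattern covers only the AKIA prefix
# for brevity; real detectors enumerate every prefix the provider issues.)
SPECIFIC = {
    "aws_access_key_id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "github_pat": re.compile(r"\b(ghp_[A-Za-z0-9]{36})\b"),
    "slack_token": re.compile(r"\b(xox[abp]-[0-9A-Za-z-]{10,})\b"),
}

# Generic detector: a variable whose name hints at a credential, assigned a
# literal of at least 12 characters. It casts a wide net and so needs filtering.
GENERIC = re.compile(
    r"\b([a-z0-9_]*(?:key|secret|token|passw(?:or)?d)[a-z0-9_]*)"  # credential-like name
    r"\s*[=:]\s*"
    r"[\"']?([a-z0-9_\-+/=!#$%^&*.@]{12,})[\"']?",                  # literal value
    re.IGNORECASE,
)

# Illustrative heuristics chosen for this example, not a vendor's list.
PLACEHOLDER_MARKERS = ("example", "changeme", "placeholder", "your_", "your-",
                       "xxxx", "dummy", "redacted")
MIN_ENTROPY = 3.0  # bits per character; random tokens usually score well above this


@dataclass
class Finding:
    detector: str
    kind: str            # "specific" or "generic"
    line_no: int
    secret: str
    suppressed: Optional[str] = None  # reason the finding was filtered, if any


def shannon_entropy(value: str) -> float:
    """Bits of entropy per character, a cheap proxy for 'does this look random'."""
    counts = Counter(value)
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_like_placeholder(value: str) -> bool:
    """Contextual filter: documentation and template values are not leaks."""
    lowered = value.lower()
    return any(marker in lowered for marker in PLACEHOLDER_MARKERS)


def why_suppressed(kind: str, secret: str) -> Optional[str]:
    if looks_like_placeholder(secret):
        return "placeholder value"
    # Specific formats are already tightly constrained; only generic hits need the
    # entropy test, which weeds out 'aaaaaaaa'-style stand-ins.
    if kind == "generic" and shannon_entropy(secret) < MIN_ENTROPY:
        return "low entropy"
    return None


def scan(lines: List[str]) -> List[Finding]:
    """Run every detector over each line; specific detectors take precedence."""
    findings = []
    for line_no, text in enumerate(lines, start=1):
        candidates = [(name, "specific", m.group(1))
                      for name, rx in SPECIFIC.items() for m in rx.finditer(text)]
        if not candidates:  # fall back to the generic detector only if nothing specific fired
            candidates = [("generic_assignment", "generic", m.group(2))
                          for m in GENERIC.finditer(text)]
        for detector, kind, secret in candidates:
            findings.append(Finding(detector, kind, line_no, secret,
                                    suppressed=why_suppressed(kind, secret)))
    return findings


# Constructed sample input; none of these values is a live credential.
SAMPLE_LINES = [
    'AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE',              # AWS documentation placeholder
    'AWS_ACCESS_KEY_ID=AKIAZZ6Q4W9X2L7R5K3M',              # specific hit, reported
    'db_password = "Xq7#pL2!vR9mN4sT"',                    # generic hit, high entropy, reported
    'api_key = "aaaaaaaaaaaaaaaa"',                        # generic hit, low entropy, dropped
    'secret_token = "your-secret-token-here"',             # generic hit, placeholder, dropped
    'token = os.environ["API_TOKEN"]',                     # not a literal, no hit
    'slack_token = "xoxb-1234567890-ABCDEFGHIJKLMNOP"',    # specific hit, reported
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LINES):
        status = f"suppressed ({f.suppressed})" if f.suppressed else "REPORT"
        print(f"line {f.line_no}: {f.detector:<18} {status}")
```

Two design points carry over to any real engine. First, a specific match is allowed to override the generic detector on the same line, so one leaked key does not produce two findings. Second, the filters only ever downgrade a candidate; nothing in this example can confirm that a key is live. That last step is the validity check mentioned above, which requires calling the provider and is therefore left out of an offline example.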

Remediate

Remediate any risks on public GitHub.

We provide centralized coordination, collaboration, and management for forensic analysis along with prioritized, relevant, and actionable alerts for incident response.

  • If alerted about a leak, check if the developer is still with your company and send them a form to assess impact and prioritize the incident.

  • Remediate incidents quickly using filters such as type, severity, location, recency, validity, and presence on public GitHub.

  • Save time when assigning severity levels. Choose from a set of templated severity rules or build your own custom severity rules.

  • Revoke old credentials, not just recent ones. Remember how Toyota suffered a data breach after a secret key sat exposed on public GitHub for nearly 5 years? Read the blog

  • Manage incidents programmatically with automation capabilities through a REST API.

Threat hunt

Actively look for threats on public GitHub.

Use Explore, GitGuardian's search engine, to run offensive-style reconnaissance against public GitHub.

  • Search more than 12 billion files (approx. 5 years of GitHub history is available).

  • Find unsanctioned corporate sensitive data on public GitHub (IP addresses, machine IDs, project code names, proprietary licenses).

  • Schedule periodic queries and run GitGuardian’s secrets detection engine on top of the results.

  • Get clean and actionable insights within the product with our analytics dashboards highlighting the most important metrics about your incidents.

Download solution brief

Want to know if your company’s secrets are on public GitHub?

Get a complimentary audit of your potential secret leaks (API keys, passwords, certificates) now.

Get a complimentary audit

GitGuardian integrates your existing security tools and mechanisms

GitGuardian natively integrates with SIEM and incident-management tools including Splunk, Sumo Logic, and PagerDuty. If you need to build your own integration or workflow, custom webhooks are supported too. Notifications can also be sent to Slack and Microsoft Teams channels to keep other team members informed.

Detect breaches in your supply chain with Honeytoken

If you're concerned about intruders infiltrating your supply chain, then our Honeytoken technology is the solution for you. You can create, manage, and monitor honeytokens that trigger alerts when they're accessed, allowing you to be the first to know of any breaches. By being alerted quickly, you can reduce your Mean-Time-To-Detect to mere minutes.

When a honeytoken is triggered, we provide you with relevant information to help investigate the potential breach thoroughly. Our guidelines help you respond accordingly and safeguard your supply chain like never before.

Explore Honeytoken

Related GitGuardian resources

Breach explained

Samsung and Nvidia involuntarily go open-source, leaking company secrets.

Read the article >

Article

4 Reasons MSPs Should Monitor Their GitHub Footprint.

Read the article >

Article

Launching GitGuardian Honeytoken: your powerful ally to detect any breaches in the supply chain!

Read the article >

Source code and secrets leaks have become common today. Act now to secure your organization!