We performed a comparison between GitGuardian Platform and GitHub Advanced Security based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"What is particularly helpful is that having GitGuardian show that the code failed a check enables us to automatically pass the resolution to the author. We don't have to rely on the reviewer to assign it back to him or her. Letting the authors solve their own problems before they get to the reviewer has significantly improved visibility and reduced the remediation time from multiple days to minutes or hours. Given how time-consuming code reviews can be, it saves some of our more scarce resources."
"We have definitely seen a return on investment when it finds things that are real. We have caught a couple things before they made it to production, and had they made it to production, that would have been dangerous."
"I like GitGuardian's instant response. When you have an incident, it's reported immediately. The interface gives you a great overview of your current leaked secrets."
"There is quite a lot to like. Its user interface is fantastic, and being able to sort the incidents by whether they are valid or for a certain repository or a certain user has been very beneficial in helping investigate what has been found."
"The most valuable feature is its ability to automate both downloading the repository and generating a Software Bill of Materials directly from it."
"Presently, we find the pre-commit hooks more useful."
"You can also assign tasks to specific teams or people to complete, such as assigning something to the "blue team" or saying that this person needs to do this, and that person needs to do that. That is a great feature because you can actually manage your team internally in GitGuardian."
"GitGuardian has pretty broad detection capabilities. It covers all of the types of secrets that we've been interested in... [Yet] The "detector" concept, which identifies particular categories or types of secrets, allows an organization to tweak and tailor the configuration for things that are specific to its environment. This is highly useful if you're particularly worried about a certain type of secret and it can help focus attention, as part of early remediation efforts."
"It ensures user passwords or sensitive information are not accidentally exposed in code or reports."
"The product's most valuable features are security scan, dependency scan, and cost-effectiveness."
"It is a stable solution...It is a scalable solution as it can handle new applications along with the analysis part."
"Dependency scanning is a valuable feature."
"GitHub provides advanced security, which is why the customers choose this tool; it allows them to rely solely on GitHub as one platform for everything they need."
"The most valuable is the developer experience and the extensibility of the overall ecosystem."
"The main thing for me is the customization for some of the healthcare-specific identifiers that we want to validate. There should be some ability, which is coming in the near future, to have custom identifiers. Being in healthcare, we have pretty specific patterns that we need to match for PHI or PII. Having that would add a little bit extra to it."
"We have been somewhat confused by the dashboard at times."
"An area for improvement is the front end for incidents. The user experience in this area could be much better."
"One of our current challenges is that the GitGuardian platform identifies encrypted secrets and statements as sensitive information even though they're secured."
"We'd like to request a new GitGuardian feature that automates user onboarding and access control for code repositories."
"GitGuardian's hook and dashboard scanners are the two entities. They should work together as one. We've seen several discrepancies where the hook is not being flagged on the dashboard. I still think they need to do some fine-tuning around that. We don't want to waste time."
"It would be nice if they supported detecting PII or had some kind of data loss prevention feature."
"They could give a developer access to a dashboard for their team's repositories that just shows their repository secrets. I think more could be exposed to developers."
"The report limitations are the main issue."
"The customizations are a little bit difficult."
"A more refined approach, categorizing and emphasizing specific vulnerabilities, would be beneficial."
"There could be a centralized dashboard to view reports of all the projects on one platform."
"The deployment part of the product is an area of concern that needs to be made easier from an improvement perspective."
"There could be DST features included in the product."
GitGuardian Platform is ranked 8th in Application Security Tools with 24 reviews while GitHub Advanced Security is ranked 14th in Application Security Tools with 6 reviews. GitGuardian Platform is rated 9.0, while GitHub Advanced Security is rated 9.0. The top reviewer of GitGuardian Platform writes "It dramatically improved our ability to detect secrets, saved us time, and reduced our mean time to remediation". On the other hand, the top reviewer of GitHub Advanced Security writes "A tool that provides ease of integration with the set of existing codes in an infrastructure". GitGuardian Platform is most compared with SonarQube, Cycode, Snyk, Microsoft Purview Data Loss Prevention and Veracode, whereas GitHub Advanced Security is most compared with SonarQube, Snyk, Veracode, Fortify on Demand and Mend.io. See our GitGuardian Platform vs. GitHub Advanced Security report.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.