Try our new research platform with insights from 80,000+ expert users
GitGuardian Platform Logo

GitGuardian Platform pros and cons

Vendor: GitGuardian
4.5 out of 5
Badge Leader

Pros & Cons summary

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

GitGuardian enables automatic notification to the developer involved when code fails a security check, improving visibility and reducing remediation times significantly.
It aids in developing a security-minded culture with an emphasis on early remediation efforts and specific secret type detection.
The platform is highly effective in detecting secrets such as tokens and passwords, thus minimizing the risk of security violations.
GitGuardian provides a significant return on investment by identifying real threats before they reach production, preventing potential security disasters.
The internal monitoring feature has dramatically increased the secrets detection rate, making GitGuardian a valuable tool for securing code environments.

CONS

GitGuardian lacks support for custom identifiers necessary for healthcare-specific pattern validation.
There is a need for improvement in RBAC support, with current incident assignment not being automatic.
False positives are a concern, with 60% being estimated as inaccurate, causing distrust among developers.
The purchasing process with GitGuardian is convoluted and time-consuming compared to competitors like Snyk.
GitGuardian's provider set for honey tokens is limited, lacking broader options beyond Amazon-based tokens.
 

GitGuardian Platform Pros review quotes

DC
Jul 8, 2021
What is particularly helpful is that having GitGuardian show that the code failed a check enables us to automatically pass the resolution to the author. We don't have to rely on the reviewer to assign it back to him or her. Letting the authors solve their own problems before they get to the reviewer has significantly improved visibility and reduced the remediation time from multiple days to minutes or hours. Given how time-consuming code reviews can be, it saves some of our more scarce resources.
reviewer2223084 - PeerSpot reviewer
Jun 28, 2023
It actually creates an incident ticket for us. We can now go end-to-end after a secret has been identified, to track down who owns the repository and who is responsible for cleaning it up.
George Jenkins - PeerSpot reviewer
May 4, 2023
It enables us to identify leaks that happened in the past and remediate current leaks as they happen in near real-time. When I say "near real-time," I mean within minutes. These are industry-leading remediation timelines for credential leaks. Previously, it might have taken companies years to get credentials detected or remediated. We can do it in minutes.
Learn what your peers think about GitGuardian Platform. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,129 professionals have used our research since 2012.
DM
Jan 11, 2022
We have definitely seen a return on investment when it finds things that are real. We have caught a couple things before they made it to production, and had they made it to production, that would have been dangerous.
Andrei Predoiu - PeerSpot reviewer
Sep 4, 2022
GitGuardian Internal Monitoring has helped increase our secrets detection rate by several orders of magnitude. This is a hard metric to get. For example, if we knew what our secrets were and where they were, we wouldn't need GitGuardian or these types of solutions. There could be a million more secrets that GitGuardian doesn't detect, but it is basically impossible to find them by searching for them.
reviewer2395164 - PeerSpot reviewer
Apr 26, 2024
There is quite a lot to like. Its user interface is fantastic, and being able to sort the incidents by whether they are valid or for a certain repository or a certain user has been very beneficial in helping investigate what has been found.
reviewer1692456 - PeerSpot reviewer
Nov 1, 2021
GitGuardian has also helped us develop a security-minded culture. We're serious about shift left and getting better about code security. I think a lot of people are getting more mindful about what a secret is.
Jon-Erik Schneiderhan - PeerSpot reviewer
Apr 27, 2022
The secrets detection and alerting is the most important feature. We get alerted almost immediately after someone commits a secret. It has been very accurate, allowing us to jump on it right away, then figure out if we have something substantial that has been leaked or whether it is something that we don't have to worry about. This general main feature of the app is great.
reviewer2352429 - PeerSpot reviewer
Feb 29, 2024
It's also worth mentioning that GitGuardian is unique because they have a free tier that we've been using for the first twelve months. It provides full functionality for smaller teams. We're a smaller company and have never changed in size, but we got to the point where we felt the service brought us value, and we want to pay for it. We also wanted an SLA for technical support and whatnot, so we switched to a paid plan. Without that, they had a super-generous, free tier, and I was immensely impressed with it.
Edvinas Urbasius - PeerSpot reviewer
Nov 9, 2022
GitGuardian has helped to increase our security team's productivity. Now, we don't need to call the developers all the time and ask what they are working on. I feel the solution bridged the gap between our team and the developers, which is really great. I feel that we need that in our company, since some of the departments are just doing whatever and you don't know what they are doing. I think GitGuardian does a good job of bridging the gap. It saves us about 10 hours per week.
 

GitGuardian Platform Cons review quotes

DC
Jul 8, 2021
The main thing for me is the customization for some of the healthcare-specific identifiers that we want to validate. There should be some ability, which is coming in the near future, to have custom identifiers. Being in healthcare, we have pretty specific patterns that we need to match for PHI or PII. Having that would add a little bit extra to it.
reviewer2223084 - PeerSpot reviewer
Jun 28, 2023
I would like to see more fine-grained access controls when tickets are assigned for incidents. I would like the ability to provide more controls to the team leads or the product managers so that they can drive what we, the AppSec team, are doing.
George Jenkins - PeerSpot reviewer
May 4, 2023
Other solutions have a live chat feature that provides instant results. Waiting for an agent to reply to an email is less ideal than an instant conversation with a support employee. That's a complaint so minor I almost hesitate to mention it.
Learn what your peers think about GitGuardian Platform. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,129 professionals have used our research since 2012.
DM
Jan 11, 2022
It could be easier. They have a CLI tool that engineers can run on their laptops, but getting engineers to install the tool is a manual process. I would like to see them have it integrated into one of those developer tools, e.g., VS Code or JetBrains, so developers don't have to think about it.
Andrei Predoiu - PeerSpot reviewer
Sep 4, 2022
Right now, we are waiting for improvement in the RBAC support for GitGuardian.
reviewer2395164 - PeerSpot reviewer
Apr 26, 2024
Automated Jira tickets would be fantastic. At the moment, I believe we have to go in and click to create a Jira ticket. It would be nice to automate.
reviewer1692456 - PeerSpot reviewer
Nov 1, 2021
One improvement that I'd like to see is a cleaner for Splunk logs. It would be nice to have a middle man for anything we send or receive from Splunk forwarders. I'd love to see it get cleaned by GitGuardian or caught to make sure we don't have any secrets getting committed to Splunk logs.
Jon-Erik Schneiderhan - PeerSpot reviewer
Apr 27, 2022
They could give a developer access to a dashboard for their team's repositories that just shows their repository secrets. I think more could be exposed to developers.
reviewer2352429 - PeerSpot reviewer
Feb 29, 2024
The purchasing process is convoluted compared to Snyk, the other tool we use. It's like night and day because you only need to punch in your credit card, and you're set. With GitGuardian, getting a quote took two or three weeks. We paid for it in December but have not settled that payment yet.
Edvinas Urbasius - PeerSpot reviewer
Nov 9, 2022
For some repositories, there are a lot of incidents. For example, one repository says 255 occurrences, so I assume these are 255 alerts and nobody is doing anything about them. These could be false positives. However, I cannot assess it correctly, because I haven't been closing these false positives myself. From the dashboard, I can see that for some of the repositories, there have been a lot of closing of these occurrences, so I would assume there are a lot of false positives. A ballpark estimate would be 60% being false positives. One of the arguments from the developers against this tool is the number of false positives.