Try our new research platform with insights from 80,000+ expert users

GitGuardian Platform pros and cons

Vendor: GitGuardian

4.5 out of 5

24 reviews
100% willing to recommend

Pros & Cons summary

GitGuardian Platform streamlines secret management by notifying developers of alerts, reducing security intervention. It accelerates credential remediation from days to minutes and enhances preventive measures with pre-commit hooks. While detection covers diverse secrets, integration for Azure DevOps and bug tracking needs refinement. Customization for healthcare identifiers and reducing false positives are crucial. Security teams benefit from productivity gains, but software engineers require more detailed remediation information.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.

Prominent pros & cons

PROS

GitGuardian enables automatic notification to the developer involved when code fails a security check, improving visibility and reducing remediation times significantly.

It aids in developing a security-minded culture with an emphasis on early remediation efforts and specific secret type detection.

The platform is highly effective in detecting secrets such as tokens and passwords, thus minimizing the risk of security violations.

GitGuardian provides a significant return on investment by identifying real threats before they reach production, preventing potential security disasters.

The internal monitoring feature has dramatically increased the secrets detection rate, making GitGuardian a valuable tool for securing code environments.

CONS

GitGuardian lacks support for custom identifiers necessary for healthcare-specific pattern validation.

There is a need for improvement in RBAC support, with current incident assignment not being automatic.

False positives are a concern, with 60% being estimated as inaccurate, causing distrust among developers.

The purchasing process with GitGuardian is convoluted and time-consuming compared to competitors like Snyk.

GitGuardian's provider set for honey tokens is limited, lacking broader options beyond Amazon-based tokens.

GitGuardian Platform Pros review quotes

DC

Chief Software Architect at a tech company with 501-1,000 employees

Jul 8, 2021

What is particularly helpful is that having GitGuardian show that the code failed a check enables us to automatically pass the resolution to the author. We don't have to rely on the reviewer to assign it back to him or her. Letting the authors solve their own problems before they get to the reviewer has significantly improved visibility and reduced the remediation time from multiple days to minutes or hours. Given how time-consuming code reviews can be, it saves some of our more scarce resources.

Read full review

reviewer2223084

Lead Security Engineer at OutSystems

Jun 28, 2023

It actually creates an incident ticket for us. We can now go end-to-end after a secret has been identified, to track down who owns the repository and who is responsible for cleaning it up.

Read full review

Application Security Engineer at Beyond Identity

May 4, 2023

It enables us to identify leaks that happened in the past and remediate current leaks as they happen in near real-time. When I say "near real-time," I mean within minutes. These are industry-leading remediation timelines for credential leaks. Previously, it might have taken companies years to get credentials detected or remediated. We can do it in minutes.

Read full review

GitGuardian Platform

Free Report: GitGuardian Platform Reviews and More

Learn what your peers think about GitGuardian Platform. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.

816,192 professionals have used our research since 2012.

DM

Security Engineer at a tech services company with 11-50 employees

Jan 11, 2022

We have definitely seen a return on investment when it finds things that are real. We have caught a couple things before they made it to production, and had they made it to production, that would have been dangerous.

Read full review

DevOps Engineer at a wholesaler/distributor with 10,001+ employees

Sep 4, 2022

GitGuardian Internal Monitoring has helped increase our secrets detection rate by several orders of magnitude. This is a hard metric to get. For example, if we knew what our secrets were and where they were, we wouldn't need GitGuardian or these types of solutions. There could be a million more secrets that GitGuardian doesn't detect, but it is basically impossible to find them by searching for them.

Read full review

reviewer2395164

Senior Application Security Engineer at Bazaarvoice

Apr 26, 2024

There is quite a lot to like. Its user interface is fantastic, and being able to sort the incidents by whether they are valid or for a certain repository or a certain user has been very beneficial in helping investigate what has been found.

Read full review

reviewer1692456

DevSecOps Engineer at Tenable Network Security

Nov 1, 2021

GitGuardian has also helped us develop a security-minded culture. We're serious about shift left and getting better about code security. I think a lot of people are getting more mindful about what a secret is.

Read full review

Jon-Erik Schneiderhan

Senior Site Reliability Engineer at a computer software company with 501-1,000 employees

Apr 27, 2022

The secrets detection and alerting is the most important feature. We get alerted almost immediately after someone commits a secret. It has been very accurate, allowing us to jump on it right away, then figure out if we have something substantial that has been leaked or whether it is something that we don't have to worry about. This general main feature of the app is great.

Read full review

reviewer2352429

Systems Engineer at a marketing services firm with 11-50 employees

Feb 29, 2024

It's also worth mentioning that GitGuardian is unique because they have a free tier that we've been using for the first twelve months. It provides full functionality for smaller teams. We're a smaller company and have never changed in size, but we got to the point where we felt the service brought us value, and we want to pay for it. We also wanted an SLA for technical support and whatnot, so we switched to a paid plan. Without that, they had a super-generous, free tier, and I was immensely impressed with it.

Read full review

Edvinas Urbasius

Cybersecurity Consultant at LCG

Nov 9, 2022

GitGuardian has helped to increase our security team's productivity. Now, we don't need to call the developers all the time and ask what they are working on. I feel the solution bridged the gap between our team and the developers, which is really great. I feel that we need that in our company, since some of the departments are just doing whatever and you don't know what they are doing. I think GitGuardian does a good job of bridging the gap. It saves us about 10 hours per week.

Read full review

Show 10 more reviews (out of 24)

GitGuardian Platform Cons review quotes

DC

Chief Software Architect at a tech company with 501-1,000 employees

Jul 8, 2021

The main thing for me is the customization for some of the healthcare-specific identifiers that we want to validate. There should be some ability, which is coming in the near future, to have custom identifiers. Being in healthcare, we have pretty specific patterns that we need to match for PHI or PII. Having that would add a little bit extra to it.

Read full review

reviewer2223084

Lead Security Engineer at OutSystems

Jun 28, 2023

I would like to see more fine-grained access controls when tickets are assigned for incidents. I would like the ability to provide more controls to the team leads or the product managers so that they can drive what we, the AppSec team, are doing.

Read full review

Application Security Engineer at Beyond Identity

May 4, 2023

Other solutions have a live chat feature that provides instant results. Waiting for an agent to reply to an email is less ideal than an instant conversation with a support employee. That's a complaint so minor I almost hesitate to mention it.

Read full review

GitGuardian Platform

Free Report: GitGuardian Platform Reviews and More

Learn what your peers think about GitGuardian Platform. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.

816,192 professionals have used our research since 2012.

DM

Security Engineer at a tech services company with 11-50 employees

Jan 11, 2022

It could be easier. They have a CLI tool that engineers can run on their laptops, but getting engineers to install the tool is a manual process. I would like to see them have it integrated into one of those developer tools, e.g., VS Code or JetBrains, so developers don't have to think about it.

Read full review

DevOps Engineer at a wholesaler/distributor with 10,001+ employees

Sep 4, 2022

Right now, we are waiting for improvement in the RBAC support for GitGuardian.

Read full review

reviewer2395164

Senior Application Security Engineer at Bazaarvoice

Apr 26, 2024

Automated Jira tickets would be fantastic. At the moment, I believe we have to go in and click to create a Jira ticket. It would be nice to automate.

Read full review

reviewer1692456

DevSecOps Engineer at Tenable Network Security

Nov 1, 2021

One improvement that I'd like to see is a cleaner for Splunk logs. It would be nice to have a middle man for anything we send or receive from Splunk forwarders. I'd love to see it get cleaned by GitGuardian or caught to make sure we don't have any secrets getting committed to Splunk logs.

Read full review

Jon-Erik Schneiderhan

Senior Site Reliability Engineer at a computer software company with 501-1,000 employees

Apr 27, 2022

They could give a developer access to a dashboard for their team's repositories that just shows their repository secrets. I think more could be exposed to developers.

Read full review

reviewer2352429

Systems Engineer at a marketing services firm with 11-50 employees

Feb 29, 2024

The purchasing process is convoluted compared to Snyk, the other tool we use. It's like night and day because you only need to punch in your credit card, and you're set. With GitGuardian, getting a quote took two or three weeks. We paid for it in December but have not settled that payment yet.

Read full review

Edvinas Urbasius

Cybersecurity Consultant at LCG

Nov 9, 2022

For some repositories, there are a lot of incidents. For example, one repository says 255 occurrences, so I assume these are 255 alerts and nobody is doing anything about them. These could be false positives. However, I cannot assess it correctly, because I haven't been closing these false positives myself. From the dashboard, I can see that for some of the repositories, there have been a lot of closing of these occurrences, so I would assume there are a lot of false positives. A ballpark estimate would be 60% being false positives. One of the arguments from the developers against this tool is the number of false positives.

Read full review

Show 10 more reviews (out of 23)

Product Categories

Product Categories

Application Security Tools

Static Application Security Testing (SAST)

Data Loss Prevention (DLP)

Software Supply Chain Security

Popular Comparisons

Popular Comparisons

SonarQube Server (formerly SonarQube) vs GitGuardian Platform

Veracode vs GitGuardian Platform

Checkmarx One vs GitGuardian Platform

Snyk vs GitGuardian Platform

GitHub Advanced Security vs GitGuardian Platform

See all alternatives

Product Categories

Product Categories

Application Security Tools

Static Application Security Testing (SAST)

Data Loss Prevention (DLP)

Software Supply Chain Security

Popular Comparisons

Popular Comparisons

SonarQube Server (formerly SonarQube) vs GitGuardian Platform

Veracode vs GitGuardian Platform

Checkmarx One vs GitGuardian Platform

Snyk vs GitGuardian Platform

GitHub Advanced Security vs GitGuardian Platform

See all alternatives

Related questions

997

If you had to both encrypt and compress data during transmission, which would you do first and why?

104

When evaluating Application Security, what aspect do you think is the most important to look for?

212

What are the Top 5 cybersecurity trends in 2022?

175

What are the threats associated with using ‘bogus’ cybersecurity tools?

28

Which application security solutions include both vulnerability scans and quality checks?

78

We're evaluating Tripwire, what else should we consider?

2,251

Is SonarQube the best tool for static analysis?

48

Why Do I Need Application Security Software?

94

Which Email Security enterprise solution would you choose: Cisco Secure Email vs Forcepoint Email Security vs Barracuda Email Security Gateway?

131

SAST vs. DAST: Which is better for application security testing?