Application Security Engineer at an energy/utilities company with 10,001+ employees
Real User
Top 20
Mar 5, 2024
I would rate GitGuardian Public Monitoring nine out of ten. Once deployed, GitGuardian will only require minimal maintenance. For organizations that don't prioritize secret detection, deploying honeytokens can be a wake-up call. They'll quickly see the importance of implementing secret detection measures. Secret detection is crucial for a security program aimed at application developers. Exposing secrets in code is akin to giving away your house keys. I recommend evaluating GitGuardian Public Monitoring through a trial, similar to our experience. This was very helpful in understanding the system, developing workflows, and determining how we could best utilize it. Unfortunately, when I was assigned to work with it, I didn't receive any initial training. My manager simply informed me that we would be using the tool. While I was able to learn it independently, a demo or introduction from GitGuardian beforehand would have been beneficial. This would have allowed me to explore the functionalities before diving in and figuring things out on my own. I recommend GitGuardian Public Monitoring to others.
My advice would be to compare this solution with open-source solutions. If you're not convinced about GitGuardian, benchmark it with other tools. Open-source tools are nice because most of the time they're free, if you don't take the support. But if you compare GitGuardian with other solutions, you will see that the efficiency is really not the same. If a colleague in security said to me that secrets detection is not a priority, I would say that's a mistake. Most of the big security problems come from either social engineering attacks or credential stuffing. So it's really important to know that your engineers and your employees are going to leak secrets. That's life. Most of the time, it's due to mistakes. But if it happens, we need to act on it, and a solution such as GitGuardian is a really nice way to monitor and really efficiently detect these leaks. Secrets detection is important to a security program for application development, especially if your company is growing and you have a lot of engineers. The more engineers there are, the more there is potential for leaks to happen. There is no maintenance of the solution on our side, except for putting the GitHub API token inside GitGuardian so that it has access to our repositories to detect potential secrets.
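Both reviewers above treat secret detection as the core of the product. To make concrete what "detecting a leaked secret in code" involves at its simplest, here is an added example that is not GitGuardian's code and not from either reviewer: a minimal scanner that combines a fixed-format pattern (the AWS access key ID shape) with an entropy check on values assigned to credential-looking variable names. The sample file content, the key-looking strings in it and the 3.5-bit entropy threshold are all constructed for this illustration; a commercial detector uses far more detectors, validity checks and false-positive tuning than this.

```python
import math
import re
from collections import Counter

# Constructed sample of committed config text. None of these values are real
# credentials; the AWS-shaped string is a made-up placeholder in the AKIA format.
SAMPLE_DIFF = """\
DB_HOST = "db.internal.example"
AWS_ACCESS_KEY_ID = "AKIAEXAMPLEKEY000000"
api_token = "example-example-example"
SECRET_KEY = "x7Q9vL2pR8sT4wY6zB1nM3kJ5hG0fD"
LOG_LEVEL = "debug"
"""

# Fixed-format detector: AWS access key IDs are "AKIA" followed by 16 uppercase
# alphanumerics. A shape match alone is high-signal for this kind of secret.
AWS_ACCESS_KEY_ID = re.compile(r"\bAKIA[0-9A-Z]{16}\b")

# Generic detector: a credential-looking variable name assigned a quoted string
# of at least 16 characters. Too noisy on its own, so it is paired with entropy.
GENERIC_ASSIGNMENT = re.compile(
    r"(?i)\b(?:api[_-]?key|api[_-]?token|secret[_-]?key|token|password)\b"
    r"\s*[:=]\s*['\"]([^'\"]{16,})['\"]"
)


def shannon_entropy(value: str) -> float:
    """Bits of entropy per character; random keys score high, words score low."""
    if not value:
        return 0.0
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in Counter(value).values())


def redact(value: str) -> str:
    """Keep a short prefix so the finding is recognisable without copying the secret into alerts."""
    return value[:4] + "*" * (len(value) - 4)


def scan(text: str, entropy_threshold: float = 3.5) -> list:
    """Return one finding per line that looks like it carries a secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = AWS_ACCESS_KEY_ID.search(line)
        if m:
            findings.append({"line": lineno, "kind": "aws_access_key_id",
                             "value": redact(m.group(0))})
            continue
        m = GENERIC_ASSIGNMENT.search(line)
        if m:
            value = m.group(1)
            # Low-entropy values such as placeholders are left alone to cut false positives.
            if shannon_entropy(value) >= entropy_threshold:
                findings.append({"line": lineno, "kind": "high_entropy_assignment",
                                 "value": redact(value)})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_DIFF):
        print(f"line {finding['line']}: {finding['kind']} -> {finding['value']}")
```

Run on the constructed sample it reports the AKIA-shaped value on line 2 and the random-looking `SECRET_KEY` on line 4, while the `api_token` placeholder on line 3 is skipped because its entropy is well below the threshold. The redaction step matters in practice: a finding that is forwarded to a ticketing system or chat channel should not itself become a second copy of the leaked credential.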
Application security is a significant challenge for software engineers, as well as for security and DevOps professionals. It comprises the measures taken to improve the security of online services and websites against malicious attacks by finding, repairing, and preventing security weaknesses and vulnerabilities.