TrustRadius Insights for GitGuardian are summaries of user sentiment data from TrustRadius reviews and, when necessary, third party data sources.
Pros
User-Friendly Interface: Many users have praised the product for its friendly and intuitive user interface. It has been mentioned by multiple reviewers that the design of the product makes it easy to navigate and perform tasks quickly.
Comprehensive Dashboard: Several reviewers have highlighted the product's dashboard as a major advantage. They have described it as awesome, offering amazing options to resolve any false-positives. This indicates that the dashboard provides a comprehensive overview of the security status and effective solutions to address any issues.
Smooth Integration with Git: The integration capabilities of the product, especially with Git repositories, have been praised by users. It has been mentioned that the integration is seamless and easy, allowing users to efficiently check their repositories for any security vulnerabilities.
I use GitGuardian Internal Monitoring mainly for vulnerability and leaks detection. I use it to scan my codebase and commits for secrets before pushing to any remote git repositories. In the past it has detected major leaks and helped protect my secrets and give steps to remedy the situation whenever such a situation happens.
Pros
Scan codebase
Detect leaks
Send notifications when vulnerabilities are exposed
Cons
Web UI can improve
Likelihood to Recommend
Any scenario where you are exposing your code publicly and there are concerns for leaks. Like I had said before, we use it in our codebases for detection before commits and pushes to the remote git repository. Any leaks of private API keys can be tracked, along with remedial steps to fix the situation.
GitGuardian helps us to protect our code from leaking any sensitive information like passwords, API keys, tokens or accidental push of .env files. These are called secrets and they can be very dangerous if they fall into the wrong hands. Hackers can use them to access our data, servers, or accounts and cause a lot of damage. We use GitGuardian Public Monitoring to scan our code repositories and alert us if it finds any secrets that should not be there. It also integrates with our development tools like GitHub, GitLab, or Bitbucket, so we can easily fix any issues before they become a problem. We also customize the rules and policies to suit our needs and preferences. And trust me guys, GitGuardian sometimes makes us lazy coz we know that any accidental push of a secret will be handled by GitGuardian.
Pros
GitGuardian monitors every public or private GitHub commit (that has GitGuardian installed) and event in real time for secrets and sensitive data. In a leak scenario it immediately notifies us.
It uses sophisticated pattern matching techniques to detect credentials that cannot be strictly defined with a distinctive pattern (like unprefixed credentials).
It covers several API providers, database connection strings, private keys, certificates, usernames and passwords, etc.
GitGuardian has a high True Positive Rate of around 91% and reduces alert fatigue with smart occurrences regrouping.
Cons
The first thing I would like to add is that it sometimes raises a false alert, for example on normal written text. While this is rare, it causes distractions.
The second thing is that the pricing is not very clear; it is a bit confusing to know what features I will get at what price.
While the alerts are good, it does not have a user-friendly interface for managing the alerts and incidents.
Likelihood to Recommend
If we are working on serious projects like an organization or company, then GitGuardian is a must-use thing according to me. Developers who use GitHub for their personal or open source projects. You want to make sure that no one accidentally exposes any secrets or sensitive data related to your company on their public repositories. GitGuardian Public Monitoring can help you monitor both your organization repositories and your developers' personal repositories on GitHub and alert you if it finds any secrets that should not be there.
If working in a very complex or customized code base or with customized secrets detection needs, GitGuardian Public Monitoring may not be able to detect some secrets that are not covered by its predefined rules or policies. You may need to use another tool or service that allows you to create your own rules or policies for secrets detection.
I have some legacy repositories on my GitHub that I had no idea had security flaws. When I started using GitGuardian Internal Monitoring, as soon as I did the first analysis, I received recommendations and indications of serious or low vulnerabilities. Also, if you add a new repository, with GitGuardian Internal Monitoring you receive updates in real time on whether that directory has a vulnerability or not.
Pros
Real-time analysis
Indication of vulnerability location
Easy integration
Cons
It would be interesting to have the option to separate content for beginner users from complex content for advanced users.
Likelihood to Recommend
I have some legacy repositories on my GitHub that I had no idea had security flaws. When I started using GitGuardian Internal Monitoring, as soon as I did the first analysis, I received recommendations and indications of serious or low vulnerabilities. If you don't understand much about private and public keys, perhaps you won't understand some of the concepts presented; I recommend that you study them first.
I have been using GitGuardian Internal Monitoring for over a year now. It saves a lot of my time; whenever we want to make our GitHub repo safe, GitGuardian Internal Monitoring always has our back. I highly recommend it.
Pros
Secret management
Cons
So far, I don't see any room for improvement.
Likelihood to Recommend
I was working on my personal project on my local machine last month, and I didn't commit for a few weeks, and I just dumped all my code to GitHub, but only God knows where I left my secret keys or security information. However, GitGuardian Internal Monitoring always saves me in the 11th hour.
GitGuardian Internal Monitoring helps our organization prevent data leaks by scanning code and detecting secrets such as API keys and passwords. We use it to maintain data security and ensure compliance with industry regulations. The scope of our use case is to integrate it into our development process and monitor code changes for potential leaks.
Pros
Real-time Monitoring
Comprehensive Coverage
Integration Capabilities
Cons
Enhanced Customization
Expanded Language and File Format Support
Integration with Issue Tracking Systems
Likelihood to Recommend
Based on my experience as a user, GitGuardian Internal Monitoring is well suited for the following scenarios: Source Code Repositories: GitGuardian excels at monitoring source code repositories, such as Git repositories, where sensitive information like API keys, credentials, or security tokens can be accidentally exposed. It quickly identifies these vulnerabilities and helps maintain the integrity of the codebase.
Developers usually forget to remove sensitive environment variables, or hardcoded credentials for many services, when they're committing their changes to the company's repo. GitGuardian reminds the whole team of any committed credentials before it is a threat to the company through leaks, or something else. It does have a mute button for those fake or example unused credentials too!
Pros
Reminds you of committed sensitive credentials, e.g. AWS credentials
Lists all the unresolved sensitive credential leak issues
Great system to "mute" resolved credential issues
Cons
Resolve automatically when keys are removed from the repo
Integration with some services so that it knows immediately when a key is revoked
Somehow able to identify fake example credentials?
Likelihood to Recommend
I do think it'll absolutely fit everyone whose code integrates with another platform or service. We all forget that one credential once in a while, and especially for those who manage public repositories, it is important to keep an eye on accidentally committed credentials. While I think you don't really need it for a personal project, it's a nice-to-have; you don't want to wake up to 50k USD of sudden surcharge on resources you don't use.
GitGuardian is a great service. It never fails to notify me when I have accidentally exposed a secret that I did not intend to, which unfortunately happens more than I'd like to admit. Seriously, a great product. Easy to resolve issues when you have them such as exposed secrets, etc. The service helps you resolve the issues without even leaving the GitGuardian platform. 10/10 highly recommend.
Pros
Resolving issues
Monitoring for exposed secrets
Ease of use
Likelihood to Recommend
Easy to recommend, have no qualms with it. It's a free service, after all.
Verified User
Employee in Research & Development (1-10 employees)
At our organization, we use GitGuardian Internal Monitoring to monitor our source code for any sensitive data that may have been accidentally committed. This helps us ensure that we are compliant with various regulations and standards, such as GDPR, PCI DSS, and HIPAA. The product allows us to set up custom rules and alerts to notify us when any sensitive information is detected in our code. We also use the product to detect any malicious activity or suspicious commits that could potentially compromise our security. The scope of our use case encompasses all of our repositories and projects, making sure that all of our code is properly monitored and secure.
Pros
Secret Incidents
Analytics
Real-time Alerts
Data Analysis
Cons
Improved user interface: It would be beneficial to have a more intuitive and user-friendly interface for Internal Monitoring on GitGuardian. This would make it easier for users to quickly access the data they need and understand the results of their scans.
Automated alerts: It would be helpful to have automated alerts when certain conditions are met, such as when a scan reveals sensitive data or when a new repository is created. This would help users stay informed and take action in a timely manner.
More detailed reports: Currently, Internal Monitoring reports are limited in terms of the depth of information they provide. It would be useful to have more detailed reports that include additional metrics, such as the number of repositories scanned and the types of sensitive data found.
Faster scan times: Scan times can be slow at times, making it difficult to stay on top of changes in repositories quickly. It would be beneficial to have faster scan times so that users can take action quickly when needed.
Likelihood to Recommend
GitGuardian Internal Monitoring is well suited for scenarios where a company needs to monitor their internal git repositories for any sensitive data that may have been accidentally committed. This could include credit card numbers, passwords, API keys, and other confidential information. It is also useful for detecting malicious commits such as backdoors or malware. GitGuardian Internal Monitoring is less appropriate for scenarios where a company does not need to monitor their internal git repositories for any sensitive data or malicious commits. For example, if a company does not have any confidential information stored in their repositories or does not need to detect malicious code, then GitGuardian Internal
We use GitGuardian Internal Monitoring to detect if secrets have been uploaded to source control (GitHub). It's been very useful in detecting if a compromised password was uploaded or made public, and allows us to remediate it and log the incident easily.
Pros
Detects secrets
Alerts users
Provides guidance on easy remediation of secrets
Cons
I'm not really sure; it does what we need it to do.
Likelihood to Recommend
Any kind of public or private source control where secrets may be committed; it will help detect them and alert, keep a record of the incident, and also provide a guide for remediation of the problem (such as revoking the secret, removing it from GitHub, etc.).
Verified User
Engineer in Information Technology (51-200 employees)