Gartner has acknowledged GitGuardian as a Sample Vendor in two reports this summer, the Gartner Hype Cycle™ for Application Security 2022 and the Gartner Hype Cycle™ for Agile and DevOps 2022.
"We are proud to be recognized as a Sample Vendor in this year's editions of the Hype Cycle for Application Security and Agile and DevOps. We believe this double recognition in the Securing Development Environments section of the reports showcases the hard work done by our teams and the value the GitGuardian platform is delivering to software-driven organizations in their journey towards better Application Security."
Jérémy Thomas, CEO and co-founder of GitGuardian.
The Hype Cycle™ reports help "clients get educated about the promise of an emerging technology within the context of their industry and individual appetite for risk." With four transformational technologies (up from one last year) and more than 30 segments covered, the 2022 Hype Cycle™ for Application Security delivers on its promise.
In this edition, Gartner analysts examine the driving forces behind the profound transformation Application Security is experiencing – the transition to cloud-native applications, the increased involvement of development teams in day-to-day security operations, and the rise of software supply chain risks.
In both Hype Cycle™ reports, Gartner recognizes GitGuardian as a Sample Vendor in the Securing Development Environments category.
Securing Development Environments involves protecting the complete software development environment including but not limited to source code repositories, CI/CD pipelines, application artifacts and user identity information. Development environments become a primary attack vector since they contain IP, trade secrets and user credentials. The increased incidence of supply chain attacks not only puts the affected organization at risk but also organizations participating in the ecosystem.
This recognition confirms our vision. The software environment where digital services and applications are born and delivered has become overly complex and heterogeneous. Amplified by the lack of security practitioners' deep familiarity with DevOps tools and processes, this complexity has turned such environments into a fertile ground for misconfigurations and vulnerabilities.
One such vulnerability is hardcoded secrets (or unsecured credentials). A treat for attackers, exposed secrets like API keys, database connection strings, and certificates open new avenues of attack, with further lateral movement, data exfiltration, and software supply chain compromise all on the menu.
The GitGuardian Internal Monitoring platform, recognized by Gartner, helps organizations enhance their security posture by reducing the risks of secrets exposure in the software development lifecycle (SDLC). GitGuardian's automated detection and remediation capabilities:
- Give security teams complete understanding of and visibility over the SDLC, spanning Git-based VCS platforms like GitHub, GitLab, and Bitbucket and CI/CD tools like Jenkins, CircleCI, and GitLab pipelines, to name a few.
- Support the combined remediation efforts of AppSec engineers and developers, with automated alerting and incident feedback collection workflows.
- Empower developers to write more secure code and harden repositories against hardcoded secrets, thanks to ggshield – the popular open-source secrets detection CLI.
To learn more about Securing Development Environments and other exciting developments in Application Security, follow this link to get your complimentary copy of the Hype Cycle™ Application Security 2022 report.
Gartner and Hype Cycle are registered trademarks and service marks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.
Gartner® does not endorse any vendor, product, or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner® research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner® disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.