May 16, 2023 - Paris, France - GitGuardian, the leader in secrets detection, today announced it is joining forces with Snyk, the leader in developer security, to become part of the Snyk Technology Alliance Partner Program. The new partnership enables Snyk and GitGuardian to build, integrate and go to market together to help development and security teams scale their security programs and significantly reduce their applications’ attack surface at every stage of the code-to-cloud lifecycle.
“GitGuardian and Snyk share the same mission: helping developers build and deploy secure applications in a cloud-native world. We also share the same success; GitGuardian and Snyk are the two most installed GitHub security apps, totaling more than 70% of the downloads in their category. We’re excited to join the Snyk Technology Alliance Partner Program and provide our advanced secrets detection and remediation to Snyk’s user base.” Eric Fourrier, CEO and Founder of GitGuardian.
Today’s secrets management reality: 1 in 10 developers exposed a secret on GitHub
- Secrets management policies still need to mature, even in software-driven organizations. Incidents such as the CircleCI attack and the Uber breach in 2022 pointed out that developer secrets are still inadequately protected today.
- GitGuardian’s latest report, The State of Secrets Sprawl 2023, revealed more than 10,000,000 secrets occurrences (+67% compared to 2022) were exposed on public GitHub in 2022.
“GitGuardian’s advanced secrets detection technology detects, alerts, and prevents hardcoded secrets in the software delivery pipeline,” said Jill Wilkins, Senior Director, Global Technology Alliances, Snyk. “Joined with Snyk’s ability to secure all of the critical components of applications from code to cloud, organizations can mitigate risks both early in development and prevent secrets sprawl across the software supply chain. This combination greatly improves the overall hygiene of your code security posture.”
GitGuardian and Snyk have adopted parallel strategies to bridge developer and security silos. GitGuardian’s approach, dubbed “The AppSec Shared Responsibility Model,” has helped the company successfully deploy secrets detection programs for organizations with thousands of developers by:
- providing security teams with complete visibility and continuous assessment of their software supply chain’s security posture;
- combining contextual security insights and automated remediation workflows, enabling security engineers to prioritize and relay hardcoded secrets incidents to developers quickly;
- empowering developers to fix vulnerabilities by themselves in a guided remediation process and prevent new ones by integrating secrets scanning in their workflows.
In addition, both companies are committed to delivering a best-in-class developer experience, which has resulted in their platforms being the most downloaded applications in the security category of the GitHub Marketplace, with GitGuardian and Snyk ranking first and second, respectively.
GitGuardian is the leader in automated secrets detection. The company has raised a total of $56M from Eurazeo, Sapphire, Balderton, and notable tech entrepreneurs like Scott Chacon, co-founder of GitHub, and Solomon Hykes, co-founder of Docker.
GitGuardian helps organizations detect and fix vulnerabilities in source code at every step of the software development lifecycle. With GitGuardian’s policy engine, security teams can monitor and enforce rules across their VCS, DevOps tools, and infrastructure-as-code configurations.
Widely adopted by developer communities, GitGuardian is used by over 300 thousand developers and is the #1 app in the security category on the GitHub Marketplace. Leading companies, including Instacart, Snowflake, Orange, Iress, Mirantis, Maven Wave, Payfit, and Bouygues Telecom, also trust GitGuardian.
GitGuardian brings security and development teams together with automated remediation playbooks and collaboration features to resolve incidents quickly and thoroughly. Organizations can achieve higher incident closing rates and shorter fix times by pulling developers closer to the remediation process. Please visit the official website to learn more.