Abbas Haidar and his team use GitGuardian Internal Monitoring to scan their source code and avoid secret sprawl. PeerSpot interviewed him and wrote a detailed review.
Here is his advice:
“Secrets detection is a very essential part of security. It's one of the basics that you need to cover all the time. Otherwise, you're going to expose your endpoints online and you're going to suffer endless attacks. When it comes to application development, secrets detection is essential to a security program. You need to have it. Otherwise, you'll fail.”
Abbas has seen some real impact after deploying GitGuardian:
“Before we had GitGuardian we were blind. [Now] we are able to notify developers of issues on the spot and tell them, "You have exposed a secret." It is absolutely brilliant.
GitGuardian has fewer false positives, which is very advantageous. It has decreased our false positives by a minimum of 20 percent. The secrets detection is more accurate.”
He also outlines the long term benefits on code quality:
“Usually, for developers, security is an overhead, but GitGuardian has never been an overhead. It is always helping developers understand where they did something wrong, and the need to fix it. That's what has allowed us to protect the developers and the company assets from security breaches.”
He also comments about the information given with the alert and remediation:
“The scope of GitGuardian's detection capabilities is better than anything else. When they give you a description of what happened, it's really easy to follow and to retest. And the ability to retest is something that you don't have in other solutions. If a secret was detected, you can retest if it is still there. It will show you if it is in the history. It also helps to quickly prioritize remediation.”
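The retest point above is worth making concrete: deleting a credential from the current tree does not remove it from the commits that already carried it, so a retest has to walk history, and any secret that was ever pushed has to be rotated rather than just edited out. The following is an added illustration, not GitGuardian's code or detection rules; the detector names, the regexes, the `Finding`/`retest` helpers and the three-commit sample history are all constructed for this example, and the key string is the placeholder AWS publishes in its own documentation, not a live credential.

```python
import re
from dataclasses import dataclass

# Hypothetical detector table (an assumption for this example, not the
# vendor's rule set). Each pattern is anchored on the fixed prefix that the
# credential type carries, so ordinary identifiers do not match.
DETECTORS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}


@dataclass(frozen=True)
class Finding:
    commit: str
    path: str
    detector: str
    secret: str


def scan_snapshot(commit, files):
    """Run every detector over every file of one commit snapshot."""
    findings = []
    for path, content in files.items():
        for name, pattern in DETECTORS.items():
            for match in pattern.finditer(content):
                findings.append(Finding(commit, path, name, match.group(0)))
    return findings


def scan_history(history):
    """history: list of (commit_id, {path: content}), oldest first.
    Returns {commit_id: [Finding, ...]} so leaks can be traced to the
    commit that introduced them, not only to the current tree."""
    return {commit: scan_snapshot(commit, files) for commit, files in history}


def retest(history, secret):
    """Re-check a previously reported secret. 'in_head' answers whether it
    is still in the latest snapshot; 'commits' lists every snapshot that
    still carries it. A secret present in any commit that was pushed is
    compromised and must be rotated, even if HEAD no longer contains it."""
    _, head_files = history[-1]
    in_head = any(secret in content for content in head_files.values())
    commits = [commit for commit, files in history
               if any(secret in content for content in files.values())]
    return {
        "in_head": in_head,
        "in_history": bool(commits),
        "commits": commits,
        "needs_rotation": bool(commits),
    }


# Constructed sample history (not real repository data). The key is the
# placeholder from AWS's documentation, shaped like a real access key ID.
LEAKED_KEY = "AKIAIOSFODNN7EXAMPLE"
SAMPLE_HISTORY = [
    ("c1", {"app/config.py": f'AWS_ACCESS_KEY_ID = "{LEAKED_KEY}"\n'}),
    ("c2", {"app/config.py": f'AWS_ACCESS_KEY_ID = "{LEAKED_KEY}"\n',
            "README.md": "# demo\n"}),
    # The developer's "fix": the literal is removed from the working tree,
    # but commits c1 and c2 still carry it.
    ("c3", {"app/config.py": 'import os\n'
                             'AWS_ACCESS_KEY_ID = os.environ["AWS_ACCESS_KEY_ID"]\n',
            "README.md": "# demo\n"}),
]


if __name__ == "__main__":
    for commit, findings in scan_history(SAMPLE_HISTORY).items():
        for f in findings:
            print(f"{commit}: {f.detector} in {f.path}")
    print(retest(SAMPLE_HISTORY, LEAKED_KEY))
```

Run stand-alone, the scan reports the key in `c1` and `c2` and nothing in `c3`, while the retest reports `in_head` false but `needs_rotation` true: exactly the case where an alert that only looked at the current tree would be closed too early.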
You can also try the solution today! Remember, if you are an individual developer or part of a small team, it is free!
Sign up to GitGuardian with GitHub