Security Chats - Andy, Senior Security Engineer at an insurance company

Andy, Senior Security Engineer at an insurance company, was interviewed by PeerSpot about his use of GitGuardian Internal Monitoring. His team needed a secrets detection tool that would work across all languages and help them identify problem areas. He recognizes the risk of exposing secrets:

“If a colleague in security at another company were to say to me that secrets detection is not a priority, I'd ask them why that's the case. Arguably, secrets in source code are a very large risk, especially given the distributed nature of working at the moment.”

Andy uses GitGuardian Internal Monitoring to support his team's shift-left strategy:

“The platform has helped to facilitate a better security culture within our organization. In addition to highlighting problems, it shows engineers how to properly remove them from the code, and provides advice on rotation.”

“The ability to check for secrets as part of pre-push hooks is fantastic, as it helps identify issues before they reach the main codebase, and that was the ultimate goal for us.”
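As an added example (not GitGuardian's code, nor anything Andy's team shared), here is a minimal pre-push hook in Python that shows the mechanics behind the check Andy describes: git feeds the hook the refs being pushed on stdin, the hook diffs those commits against what the remote already has, and it scans only the newly added lines, blocking the push on a hit. GitGuardian's own implementation of this capability is its ggshield CLI; everything below (the detector patterns, the entropy cut-off of 3.5 bits per character, the sample diff) is an assumption chosen for illustration.

```python
"""Pre-push secrets gate: an added illustration, not GitGuardian's or Andy's code.
git runs a pre-push hook with one line per ref on stdin:
    <local ref> <local sha> <remote ref> <remote sha>
The hook diffs what the remote lacks, scans only the added lines and exits non-zero
to block the push on a hit. The detectors and entropy cut-off are assumptions."""
import math
import re
import subprocess
import sys

ZERO_SHA = "0" * 40                                      # git's "no object" sha
EMPTY_TREE = "4b825dc642cb6eb9a060e54bf8d69288fbee4904"  # git's well-known empty tree

# Assumed detector set; real scanners carry hundreds. The generic rule needs an
# entropy check, or every PASSWORD = "replace_me" placeholder would fire.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "generic_secret_assignment": re.compile(
        r"(?i)(?:secret|password|passwd|api[_-]?key|token)\s*[:=]\s*['\"]?([A-Za-z0-9+/=_\-]{16,})"),
}
ENTROPY_THRESHOLD = 3.5  # bits per char; random keys score well above this, words below

def shannon_entropy(s):
    """Bits per character of s; 0.0 for the empty string."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(s.count(c) / n * math.log2(s.count(c) / n) for c in set(s))

def scan_diff(diff_text):
    """Return (path, detector, secret) for secrets on added ('+') lines. Removed lines
    are ignored: deleting a secret is not a new exposure (it still needs rotating)."""
    findings, path = [], None
    for line in diff_text.splitlines():
        if line.startswith("+++ "):          # new-file header, e.g. '+++ b/config/settings.py'
            path = line[4:].removeprefix("b/")
            continue
        if not line.startswith("+"):         # context line or removal
            continue
        for name, rx in PATTERNS.items():
            if m := rx.search(line[1:]):
                secret = m.group(1) if m.groups() else m.group(0)
                if name == "generic_secret_assignment" and shannon_entropy(secret) < ENTROPY_THRESHOLD:
                    continue                  # low-entropy placeholder, not a credential
                findings.append((path, name, secret))
    return findings

def push_ranges(stdin_lines):
    """Map pre-push stdin to (base, tip) pairs. Deleted refs are skipped; a branch
    the remote has never seen is diffed against the empty tree."""
    ranges = []
    for line in stdin_lines:
        parts = line.split()
        if len(parts) != 4:
            continue
        _local_ref, local_sha, _remote_ref, remote_sha = parts
        if local_sha == ZERO_SHA:
            continue
        ranges.append((EMPTY_TREE if remote_sha == ZERO_SHA else remote_sha, local_sha))
    return ranges

def redact(secret):
    """Never echo the full credential into hook output or CI logs."""
    return secret[:4] + "*" * (len(secret) - 4)

# Constructed sample diff; AKIAIOSFODNN7EXAMPLE is AWS's documented example key.
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -1,3 +1,5 @@
 DEBUG = False
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+DB_PASSWORD = "replace_me_replace_me"
+API_TOKEN = "q8Zr2vXk5LpN9wTd3Hs7Ym1Bc4Fg6Jk0"
-OLD_TOKEN = "ghp_0123456789abcdefghijabcdefghijabcdef"
"""

def main():
    """Hook entry point; with a terminal on stdin, scan the embedded sample instead."""
    if sys.stdin.isatty():
        findings = scan_diff(SAMPLE_DIFF)
    else:
        findings = []
        for base, tip in push_ranges(sys.stdin.read().splitlines()):
            out = subprocess.run(["git", "diff", base, tip], capture_output=True, text=True, check=True)
            findings.extend(scan_diff(out.stdout))
    for path, detector, secret in findings:
        print(f"{path}: {detector}: {redact(secret)}", file=sys.stderr)
    if findings:
        print("push rejected: remove the secret, rewrite the commit, rotate the credential", file=sys.stderr)
    return 1 if findings else 0

if __name__ == "__main__":
    sys.exit(main())
```

Save it as .git/hooks/pre-push and mark it executable; run it from a terminal to see it scan the embedded sample, where the AWS key and the high-entropy token are reported while the low-entropy placeholder and the removed line are not. A hook like this only sees commits that have not left the machine yet, so a hit is still the moment to rewrite the commit and rotate the credential, which is the rotation advice Andy mentions above.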

He gives more detail on the remediation step and on how his team uses the Developer in the Loop feature:

“The Dev in the loop feature has helped us to learn about problems and has helped us get our hands on remediating. We've gone from having very long-lived incidents to having much shorter incidents.” “This feature is effective in terms of helping collaboration between developers and our security team. It's automated, to a large extent.”

From a security team productivity standpoint, the value is also in the product's capacity to “deliver a key, strategic roadmap item for our organization, and the out-of-the-box reporting mechanisms allow for easy data presentation to both specific engineering teams and senior leadership.”

Looking more closely at GitGuardian's performance, Andy comments on the false-positive rate:

“The solution offers reliable, actionable secrets detection with a low false-positive rate. That low false-positive rate was one of the reasons we picked it. There are always going to be some, but in reality, it's very low compared to a lot of the other, open-source tools that are available.”

You can also try the solution today! Remember, if you are an individual developer or part of a small team, it is free!

Sign up to GitGuardian with GitHub

Read the Full Review