Blake and his team use GitGuardian Internal Monitoring to keep secrets out of their source code. PeerSpot interviewed him and wrote a detailed review.
Blake recognizes the risk of exposing secrets in the source code:
“You're only as good as the software you write, and you're in for a world of hurt if you put the keys to the castle inside of that source code that could be somehow reverse-engineered. By separating the two, the source code and the keys, you're one step ahead of that. I think it's essential.”
This large computer software company has a mature DevSecOps approach:
“We want all of our security tools to be at the source code level and preferably running immediately upon commit.”
Both time to detect and time to remediate have improved:
“I can say that tracking down a secret, getting it migrated out of source code, getting the secret rotated, and cleaning the Git history took much longer from commit until the full resolution before GitGuardian. We weren't notified until it was too late, but with GitGuardian, we knew almost instantly.”
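The two quotes above describe a workflow (scan at commit time; then migrate the secret out, rotate it, and clean the Git history) without showing what the scanning step looks like. The following Python script is an added example and is not GitGuardian's code or anything from the PeerSpot review: it scans only the lines a commit adds, combining a few known-prefix patterns with a Shannon-entropy check for generic `api_key = "..."` style assignments, and then scans a short constructed history to show why removing the secret in a later commit does not by itself resolve the exposure. The detector list, the entropy threshold, the `Finding` type and both diffs are assumptions made for this example; the AWS key value is the placeholder AWS uses in its own documentation.

```python
import math
import re
from dataclasses import dataclass

# Known-prefix credential formats. This short list is an assumption for the
# example; a commercial scanner ships hundreds of detectors.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "slack_token": re.compile(r"\bxox[baprs]-[0-9A-Za-z-]{10,}\b"),
}
# Generic "secret-looking name = 'long string'" assignment; reported only when
# the value has high Shannon entropy, so placeholders like "xxxx..." are ignored.
GENERIC = re.compile(
    r"(?i)\b(api[_-]?key|secret|token|password)\b\s*[:=]\s*['\"]([^'\"]{16,})['\"]"
)
ENTROPY_THRESHOLD = 3.5  # bits per character; threshold chosen for this demo


@dataclass
class Finding:
    line_no: int   # line number in the new version of the file
    kind: str
    value: str


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for a repeated single character)."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_line(line_no, line):
    findings = []
    for kind, pat in PATTERNS.items():
        for m in pat.finditer(line):
            findings.append(Finding(line_no, kind, m.group(0)))
    for m in GENERIC.finditer(line):
        value = m.group(2)
        if shannon_entropy(value) >= ENTROPY_THRESHOLD:
            findings.append(Finding(line_no, "high_entropy_" + m.group(1).lower(), value))
    return findings


def scan_added_lines(diff):
    """Scan only the '+' lines of a unified diff (what a commit introduces)."""
    findings = []
    new_line_no = 0
    for raw in diff.splitlines():
        if raw.startswith("@@"):
            # Hunk header "@@ -a,b +c,d @@": c is the first line number in the new file.
            m = re.match(r"@@ -\d+(?:,\d+)? \+(\d+)", raw)
            new_line_no = int(m.group(1)) - 1 if m else 0
            continue
        if raw.startswith("+++") or raw.startswith("---") or raw.startswith("-"):
            continue  # file headers and removed lines are not in the new file
        new_line_no += 1  # added line or context line
        if raw.startswith("+"):
            findings.extend(scan_line(new_line_no, raw[1:]))
    return findings


def secret_in_history(commits, value):
    """True if any commit in the list ever added the given secret value."""
    return any(f.value == value for _, diff in commits for f in scan_added_lines(diff))


# Constructed sample history: commit 1 leaks two credentials, commit 2 moves
# them to environment variables. The value is the AWS documentation placeholder.
COMMIT_1_DIFF = """diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,2 +1,5 @@
 import os
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+api_key = "q7Hf2Ls9Zt0Pk3WmX8Vb"
+password = "xxxxxxxxxxxxxxxxxxxx"
 DEBUG = False
"""
COMMIT_2_DIFF = """diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,5 +1,5 @@
 import os
-AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
-api_key = "q7Hf2Ls9Zt0Pk3WmX8Vb"
+AWS_ACCESS_KEY_ID = os.environ["AWS_ACCESS_KEY_ID"]
+api_key = os.environ["API_KEY"]
 password = "xxxxxxxxxxxxxxxxxxxx"
 DEBUG = False
"""
HISTORY = [("c1", COMMIT_1_DIFF), ("c2", COMMIT_2_DIFF)]

if __name__ == "__main__":
    for cid, diff in HISTORY:
        print(cid, [(f.line_no, f.kind) for f in scan_added_lines(diff)])
    # The second commit is clean, yet the key is still recoverable from history,
    # which is why rotation and history rewriting are separate remediation steps.
    print("still in history:", secret_in_history(HISTORY, "AKIAIOSFODNN7EXAMPLE"))
```

Wired into a pre-commit hook, `scan_added_lines` would run over `git diff --cached` and reject the commit on any finding; the second half of the script is the reason a scanner that only looks at HEAD is not enough once a secret has been pushed.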
He sees how GitGuardian impacts the overall security culture of the organization:
“Guardian has also helped us develop a security-minded culture. We're serious about shift-left and getting better about code security. I think a lot of people are getting more mindful about what a secret is.”
And we could not miss quoting him when he speaks about GitGuardian customer service:
“GitGuardian's support is fantastic. I don't think I could rate them anything less than a 10 out of 10. We had a few questions about how to stand up our deployment. The SRE assigned to our project was readily available and very knowledgeable.”
You can also try the solution today! Remember, if you are an individual developer or part of a small team, it is free.