With more than 170k GitHub users and 4.3M repositories under our shield (and growing fast!), GitGuardian is proud to help the developer community code more safely. As a company built on the premise of bridging the gap between AppSec and engineering teams, we are glad to hear about your experience with our product. Here is what you’ve been telling us lately:
“GitGuardian integrates in a snap!”
We are using GitGuardian to prevent secrets from leaking into repositories both public and private. So far our experience has been excellent. We actually leaked a private SSH key and got a notification from GitGuardian almost immediately. We were able to revoke the key and remediate the blunder.
Pros: Integration was a snap. We're already using pre-commit for most of our repos so hooking GitGuardian into the process was simple. Since we also already use GitHub, we found integration to be extremely easy.
Cons: We had no issues integrating GitGuardian and have not found any cons, yet.
“Really a Guardian ...”
Pros: The product is easy to use and easily integrable. I love how it alerts me when I have secrets exposed.
Cons: I didn't explore much but I like everything till now ... :)
"Best coverage in industry as compared to other tools"
Pros: Support for the kinds of secrets being provided and ease of use. Also, it provided information regarding a secret being valid or not, which reduces much workload. Excellent support from product team.
Cons: Nothing as of now. All the currently provided features serve the purpose.
"The best ways to maintain security on your repos"
Pros: Extremely easy to set up and use, it's like plug and play and helps you safeguard your repo secrets and immediately triggers a notification if it finds any juicy stuff.
Cons: The dashboard could be a little better with less cluttered information; other than that, no cons as of yet.
"Prevent developers from committing secrets"
Pros: Ease of use and integration with GitHub. Instant alert whenever you mistakenly check a secret into your commits. You can easily manage (resolve, ignore, etc.) all incidents from the GitGuardian dashboard.
Cons: Since the time I've started using GitGuardian, I can't think of any feature I dislike. But I hope GitGuardian adds more features like local integration with IDE/code editors.
"Junior Dev discovers incident exposure"
Pros: The augmented pull requests for GitHub save loads of time and energy. The addition of Personal Access Tokens for ggshield CLI use is also extremely exciting!
Cons: In my view, there's nothing to complain about given that access is free.
"GitGuardian: Code Scanner for CICD microservices"
Pros: GitGuardian is an excellent tool to scan the code after every commit. It makes sure that developers didn't commit any secret value in the code by mistake. We have integrated it with the CI pipelines, and I must say that interaction is very easy. We can monitor all the repos and reports from a single dashboard. One of the things I like is that GitGuardian provides integration with almost all the CI tools and microservices tools.
Cons: Currently, the features are limited to secrets scan. It's not something to dislike, but I would like to see features like Docker image scan and IaC scans in the future.
"We are using GitGuardian to scan our Django repos for credentials that might have been committed"
Pros: You get a worry-free commit. Integrated into the SDLC pipeline, it is helpful for internal security, mainly if the credentials are not to be shared with the public. Better, since we produce open-source software, GitGuardian helps ensure we do not publish sensitive info that somebody can use to target us. The fact that you can restrict the scan of particular folders is very appreciated.
Cons: It scans even sub repositories that are not ours. If some packages that we use but do not maintain are included in the scan, we get false positives that we wouldn't like to have. Fortunately, that can be easily corrected on the GUI.