With more than 110k GitHub users and 2.5M repositories under our shield (and growing fast!), GitGuardian is proud to help the developers’ community code safer.

Becoming the #1 Security App in the GitHub Marketplace has been a very important milestone in our mission to put security at the heart of the software engineering teams’ daily work. And we couldn’t have gotten there without you.

As a company built on the premise of bridging the gap between AppSec and engineering teams, we understand that our appeal is directly proportional to the Developer Experience (DX) we provide. The first step towards enhancing this experience starts with listening attentively to your regular feedback, so here is what you’ve been telling us lately:

“Lifesaver for solo or small teams”

Pros: Has kept me from pushing private keys to repos and alerted me when I have so I can quickly update. Must have for small teams or solo devs such as myself.

Cons: I don't have any cons, I don't use GitGuardian as much as a very dev-heavy team might though.

“Exactly as Expected”

Pros: It's easy to use and documentation is concise and straightforward.

Cons: Oftentimes can feel like it is used in niche cases but it is more pertinent than expected.

Scanning source code for credentials can look like a niche use case in the already crowded AppSec space. Yet the figures back our reviewer: this type of vulnerability is becoming a major concern in the industry, amplified by the fact that it cannot be uncovered by the existing security toolset.

That explains why the problem is most certainly underrated.

“A great tool to avoid securities issues”

Pros: The real-time notification system allows you to control the secrets leak instantly.

Cons: At first I was concerned about the data GitGuardian has access to, but I think they manage it pretty clearly.

We provide the most extensive real-time monitoring of secrets. For really sensitive leaks, this can make a big difference (a secret accidentally published on GitHub is compromised within seconds). But even outside the most dramatic cases, the true value of such a feature resides in the added serenity and comfort of use. You are completely in control of each leak, and the system lets you decide how to manage each incident (smartly grouping multiple instances if needed). A non-intrusive but reactive workflow.

“Feel confident that your developers aren't committing secrets.”

Overall: Very positive, I feel more confident now that secrets won’t be in git long if they are committed at all. I can trust if I haven't gotten an alert that there are no secrets.

Pros: I like the timely notifications when there is an alert, and the triage for dealing with them is quick and easily understood by users.

Cons: More integration with GitHub to create issues and pull requests to remove secrets would be nice.

Further integration with VCS providers will be enabled in the future.

“Protector of all things Coded.”

Overall: I'm new to GitGuardian and a CS student in college. That being said, I'm prone to accidentally commenting security keys in code and forgetting to delete them before commit. The GitGuardian tool has been assisting me in ensuring my recent project applications are not exposed and the easy integration is a big plus.

Pros: Git Secret Detection and Incident report.

Cons: None I can think of yet. But with time there will be additional features that can help ensure optimal security during development. Like some sort of integration in VS Code itself.

One of our main objectives as a company is to make developers aware of the fact that secrets are keys to the kingdom (the easy part) and that, like every human and no matter what their skill level, they’re error-prone (the hard part). Education is one of the reasons this blog exists at all!

Finally, some tweets from this great community:
