We performed a comparison between GitGuardian Platform and GitHub Advanced Security based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The entire GitGuardian solution is valuable. The product is doing its job and showing us many things. We get many false positives, but the ability to automatically display potential leaks when developers commit is valuable. The dashboards show you recent and historical commits, and we have a full scan that shows historical leaked secrets."
"We have definitely seen a return on investment when it finds things that are real. We have caught a couple things before they made it to production, and had they made it to production, that would have been dangerous."
"It actually creates an incident ticket for us. We can now go end-to-end after a secret has been identified, to track down who owns the repository and who is responsible for cleaning it up."
"What is particularly helpful is that having GitGuardian show that the code failed a check enables us to automatically pass the resolution to the author. We don't have to rely on the reviewer to assign it back to him or her. Letting the authors solve their own problems before they get to the reviewer has significantly improved visibility and reduced the remediation time from multiple days to minutes or hours. Given how time-consuming code reviews can be, it saves some of our more scarce resources."
"The most valuable feature is the alerts when secrets are leaked and we can look at particular repositories to see if there are any outstanding problems. In addition, the solution's detection capabilities seem very broad. We have no concerns there."
"I like that GitGuardian automatically notifies the developer who committed the change. The security team doesn't need to act as the intermediary and tell the developer there is an alert. The alert goes directly to the developer."
"Presently, we find the pre-commit hooks more useful."
"GitGuardian has many features that fit our use cases. We have our internal policies on secret exposure, and our code is hosted on GitLab, so we need to prevent secrets from reaching GitLab because our customers worry that GitLab is exposed. One of the great features is the pre-receive hook. It prevents commits from being pushed to the repository by activating the hook on the remotes, which stops the developers from pushing to the remote. The secrets don't reach GitLab, and it isn't exposed."
"It is a stable solution...It is a scalable solution as it can handle new applications along with the analysis part."
"Dependency scanning is a valuable feature."
"It ensures user passwords or sensitive information are not accidentally exposed in code or reports."
"GitHub provides advanced security, which is why the customers choose this tool; it allows them to rely solely on GitHub as one platform for everything they need."
"The product's most valuable features are security scan, dependency scan, and cost-effectiveness."
"The most valuable is the developer experience and the extensibility of the overall ecosystem."
"I would like to see more fine-grained access controls when tickets are assigned for incidents. I would like the ability to provide more controls to the team leads or the product managers so that they can drive what we, the AppSec team, are doing."
"It could be easier. They have a CLI tool that engineers can run on their laptops, but getting engineers to install the tool is a manual process. I would like to see them have it integrated into one of those developer tools, e.g., VS Code or JetBrains, so developers don't have to think about it."
"An area for improvement is the front end for incidents. The user experience in this area could be much better."
"One improvement that I'd like to see is a cleaner for Splunk logs. It would be nice to have a middle man for anything we send or receive from Splunk forwarders. I'd love to see it get cleaned by GitGuardian or caught to make sure we don't have any secrets getting committed to Splunk logs."
"We'd like to request a new GitGuardian feature that automates user onboarding and access control for code repositories."
"The purchasing process is convoluted compared to Snyk, the other tool we use. It's like night and day because you only need to punch in your credit card, and you're set. With GitGuardian, getting a quote took two or three weeks. We paid for it in December but have not settled that payment yet."
"We have been somewhat confused by the dashboard at times."
"GitGuardian could have more detailed information on what software engineers can do. It only provides some highly generic feedback when a secret is detected. They should have outside documentation. We send this to our software engineers, who are still doing the commits. It's the wrong way to work, but they are accustomed to doing it this way. When they go into that ticket, they see a few instructions that might be confusing. If I see a leaked secret committed two years ago, it's not enough to undo that commit. I need to go in there, change all my code to utilize GitHub secrets, and go on AWS to validate my key."
"The report limitations are the main issue."
"A more refined approach, categorizing and emphasizing specific vulnerabilities, would be beneficial."
"The deployment part of the product is an area of concern that needs to be made easier from an improvement perspective."
"There could be DST features included in the product."
"There could be a centralized dashboard to view reports of all the projects on one platform."
"The customizations are a little bit difficult."
GitGuardian Platform is ranked 7th in Application Security Tools with 24 reviews while GitHub Advanced Security is ranked 16th in Application Security Tools with 6 reviews. GitGuardian Platform is rated 9.0, while GitHub Advanced Security is rated 9.0. The top reviewer of GitGuardian Platform writes "It dramatically improved our ability to detect secrets, saved us time, and reduced our mean time to remediation". On the other hand, the top reviewer of GitHub Advanced Security writes "A tool that provides ease of integration with the set of existing codes in an infrastructure". GitGuardian Platform is most compared with SonarQube, Cycode, Snyk, Microsoft Purview Data Loss Prevention and Veracode, whereas GitHub Advanced Security is most compared with SonarQube, Snyk, Veracode, Fortify on Demand and Mend.io. See our GitGuardian Platform vs. GitHub Advanced Security report.
See our list of best Application Security Tools vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
