2021-07-08T04:55:00Z

What is your primary use case for GitGuardian Internal Monitoring ?

Miriam Tover - PeerSpot reviewer
  • 0
  • 23
PeerSpot user
15

15 Answers

EE
Real User
Top 20
2024-02-29T16:50:00Z
Feb 29, 2024

We use GitGuardian to detect secrets that have inadvertently been committed to our source code. GitGuardian monitors every Git push and commits we make, and it analyzes the files, looking for things like access tokens, passwords, session ID cookies, etc. If that happens, GitGuardian raises a ticket in our internal ticketing system, and we remedy it.

Search for a product comparison
BU
Real User
Top 20
2024-02-28T14:20:00Z
Feb 28, 2024

We utilize GitGuardian to scan for secrets within our codebase. Our implementation includes pre-receive and pre-commit hooks, dashboard scans, and CI/CD integration within GitLab.

UP
Real User
Top 20
2023-06-28T17:51:00Z
Jun 28, 2023

We are using GitGuardian Internal Monitoring on our GitHub Enterprise repositories to make sure that our developers are not introducing any secrets into the code. Those secrets could be things like database passwords, connection strings, or AWS credentials. We use it when they commit code to our GitHub internal repositories.

George Jenkins - PeerSpot reviewer
Real User
Top 10
2023-05-04T22:12:00Z
May 4, 2023

GitGuardian Internal Monitoring is a tool we use to deal with internal credential leaks. We found that our development teams included sensitive credentials in merge requests with concerning frequency in the early days of our startup. We have 45 GitGuardian users. Most are developers or engineering managers, and a few are security team members. Our development team is much larger than our security team, so GitGuardian's ability to pull developers in and turn them into security analysts is quite helpful. GitGuardian notifies developers of the credential leak they created and lets them take the appropriate steps to remediate it. That's preferable to having our limited security team take care of it for them.

BB
Real User
Top 20
2023-02-15T14:54:00Z
Feb 15, 2023

We use GitGuardian to check standard configurations and scan for possible leaked secrets. Developers and software engineers sometimes commit to AWS keys, login credentials, SMTP databases, and other secrets.

PH
Real User
Top 20
2022-12-22T00:43:00Z
Dec 22, 2022

We use GitGuardian to detect secrets in our source code. Two security engineers use GitGuardian, and developers access it when they commit issues. We've had four developers who have accidentally committed something. We are currently using it extensively and plan to scale it to every new repository we add.

Learn what your peers think about GitGuardian Platform. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,386 professionals have used our research since 2012.
Emre Ceevik - PeerSpot reviewer
Real User
Top 10
2022-09-15T21:05:00Z
Sep 15, 2022

We use it for detecting secrets in our code repositories.

EU
Real User
Top 20
2022-09-14T02:51:00Z
Sep 14, 2022

Since we have a lot of internal teams, the main team running this tool is composed of developers. Because of the security aspects of GitGuardian, they figured that we needed to bridge the gaps and work together. GitGuardian creates a lot of alerts in the code. If someone uses new passwords or secrets, then we can see in which repository as well as who used it and left their password in the code. We monitor these things. However, they haven't given us a permission to work with alerts since it is more for analysis purposes right now, seeing what problems we have in the company, e.g., we are seeing a lot of people just dumping passwords in the code, which is not a good approach. Our main strategy is focusing on moving testing quality and performance earlier on in the development process. Developers are focusing on this quite heavily. We are using the latest version.

Melvin Mohadeb - PeerSpot reviewer
Real User
Top 20
2022-09-14T00:11:00Z
Sep 14, 2022

The main goal is to be alerted and to react when a secret has been leaked in our code base. We have GitGuardian linked to our code-based storage on GitHub. GitGuardian also has a notification integration with Slack which is what we use internally for communication. We are alerted on Slack, "There's an incident here on GitGuardian for a secret leak on GitHub." From there, we can go into incidents and start managing the incident.

Andrei Predoiu - PeerSpot reviewer
Real User
Top 10
2022-09-04T17:00:00Z
Sep 4, 2022

Our main use case is operational security. We have a big IT platform. A lot of it is built in-house. We are not a focused IT company. We are a retailer. We have a lot of developers with a lot of different levels and projects. For example, with fashion brands, it is just, "Oh, we want to do this new app," and then they put it on our GitHub. Suddenly, we see all kinds of API keys and secrets in there. This solution is very useful for us because GitGuardian lets us know about them, then we can take care of it. It is on the cloud. We gave GitGuardian access to our organization and codebase. It just scans it on an ongoing basis.

Jon-Erik Schneiderhan - PeerSpot reviewer
Real User
Top 10
2022-04-27T08:20:00Z
Apr 27, 2022

We procured it as a secrets and code detection solution. We have code bases, some of which are 10-years-old. We needed a way to comb through all of the Git histories to see if any developers had committed secrets to our code in the past as well as catch any new secrets that developers may accidentally commit in the future. We are using GitGuardian Internal Monitoring.

AH
Real User
2021-12-20T14:37:00Z
Dec 20, 2021

We use it for secrets detection.

IK
Real User
2021-11-11T19:25:00Z
Nov 11, 2021

We monitor our GitHub repositories for security violations and secrets. We have our organization on github.com for infrastructure as code and our use case is to find security violations as soon as possible. When development uses active tokens or passwords on github.com, we need to immediately escalate things to the right person, so they will be removed. We started with public monitoring and switched to internal.

BK
Real User
2021-11-01T07:02:00Z
Nov 1, 2021

Mainly we use GitGuardian to keep secrets out of our source code. That is something that we wanted to get serious about getting our hands around. This was the main driver because I had tried other tools like TruffleHog. It was cumbersome to manage the unwieldy Git history and to figure out. When you run TruffleHog, you have no way of knowing what's in the current branch versus your Git history. Hence, it's tough to decipher what secrets are still possibly valid.

DC
Real User
2021-07-08T04:55:00Z
Jul 8, 2021

In general, we use Gitguardian as a safety net. We have our internal tools for validating that there is no sensitive data in there. GitGuardian is a more general and robust solution to double-check our work and make sure that if we are committing something, it only contains development IDs and not anything that is production-centric or customer-centric. The main way in which we're using it at the moment is that it is connected through the GitHub integration. It is deployed through our code review process. When pull requests are created they connect with GitGuardian, which runs the scan before there is a review by one of our senior devs. That means we can see if there are any potential risk items before the code goes into the main branch.

GitGuardian helps organizations detect and fix vulnerabilities in source code at every step of the software development lifecycle. With GitGuardian’s policy engine, security teams can monitor and enforce rules across their VCS, DevOps tools, and infrastructure-as-code configurations. Widely adopted by developer communities, GitGuardian is used by more than 500,000 developers and is the #1 app in the security category on the GitHub Marketplace. GitGuardian is also trusted by leading...
Download GitGuardian Platform ReportRead more