GitGuardian monitors GitHub round the clock to look for your organization’s secrets and sensitive data. Find hardcoded API keys, database credentials, private keys, and a lot more in public or private git repositories.
Developers
Set up pre-commit Git hooks and catch hardcoded secrets before you push your work.
Security teams
Act on high-fidelity alerts and empower your developers to remediate their own incidents.
DevOps & SREs
Harden your CI/CD pipelines with automated secrets scanning and never deploy a secret again.
GitGuardian: ✅ %ndet%+ types of secrets supported, with a high accuracy level provided by the ability to check the validity of some types of keys before raising an alert.
GitHub Advanced Security: ✅ 160 detectors including 7 generic detectors, plus custom patterns. 🟠 Validity checks are limited to GitHub tokens, Google API keys, AWS API keys and Slack API tokens.
GitGuardian: ✅ 22 sensitive filenames detected (e.g. id_rsa, .env). ✅ 14 file extensions detected (e.g. .key, .cert). ✅ Enforce the presence of .gitignore files.
GitHub Advanced Security: ❌ No sensitive file names are detected. ❌ No sensitive file extensions are detected.
GitGuardian: ✅ Supported through the GitGuardian CLI app "ggshield", for teams fully embracing Shift Left. Works for pre-commit, pre-push and pre-receive.
GitHub Advanced Security: ❌ Not supported.
GitGuardian: ✅ Yes, scanning covers the Dockerfile, build arguments, and the filesystem of the image's layers.
GitHub Advanced Security: ❌ Not supported.
GitGuardian: ✅ Yes, runs with GitHub Actions, GitLab pipelines, Bitbucket pipelines, Azure pipelines, Jenkins CI, Circle CI, Drone CI, and Travis CI.
GitHub Advanced Security: ❌ Not supported.
GitGuardian: ✅ Yes, runs with GitHub, GitLab, Bitbucket.
GitHub Advanced Security: 🟠 Yes, limited to GitHub.
GitGuardian: ✅ Developers can get access to incidents via the GitGuardian dashboard or via a link to an external page to view incident details, fill in a feedback form and remediate the incident on their own.
GitHub Advanced Security: ✅ Developers with sufficient rights at the repo level can see the "security" section.
GitGuardian: ✅ Rich UI/centralized dashboard for Security and Incident Response teams.
GitHub Advanced Security: ✅ Results are displayed in the "security" section of a given repository (see documentation).
GitGuardian: ✅ Yes, the available roles "Workspace Owner", "Manager" (admin), "Member" and "Restricted" are designed for fine-grained access control down to the occurrence level.
GitHub Advanced Security: ✅ Secret scanning access rights can be granted by organization admins/repository owners to security managers (still in beta) or select developers.