💻 Developer Endpoint Protection is here: find every credential on every developer machine, before attackers do.
3
💻 Developer Endpoint Protection is here: find every credential on every developer machine, before attackers do.
3
free
For individuals or up to 25 devs
free Plan also includes:
.svg)
Up to 25 devs
Unlimited real-time scanning
Up to 500 historical scan detection
Business
For teams up to 200 devs
Up to 20 teams
Remediation playbooks
Scan Git repository up to 12 Gb
Enterprise
Recommended for 200+ dev teams
Self-hosted deployment available
Unlimited teams, API calls & custom detectors
Dedicated support channel
.svg)
.svg)
.svg)
Scan and fix
hardcoded secrets.
We catch the leaks, you stop the intrusions.
Detect credentials on developer and employee machines
Get full control and visibility of your Non-Human Identities.
.svg)
Application source code, Docker images with ggshield
++
++
++
Git repositories max scanning size
1 Gb
12 Gb
60 Gb
Scan developers collaboration tools
--
--
Add-on (Ticketing, Documentation, Messaging, Container Registries)
Historical scan
500
Unlimited
Unlimited
Multi-VCS support GitHub, Azure Repos, GitLab, Bitbucket
++
++
++
GitHub Enterprise server
--
++
++
Developer workstations scan - Git hooks
++
++
++
Pull requests - GitHub only
++
++
++
Specific detectors (%ndet%+)
++
++
++
Generic detectors (%ngdet%+)
++
++
++
Custom detectors - REGEX based
--
++
++
Validity and presence checks (periodicity)
Low frequency
High frequency
High frequency
Automated severity scoring
(context-based)
--
++
++
End-to-end mapping (Sources, scope, leaks)
--
--
++
Developer-in-the-loop
(feedback and resolution)
++
++
++
Remediation tracking
++
++
++
Remediation playbooks
++
Only some playbooks
++
++
Remediation guidelines
for developers
++
Default and custom
++
++
Secrets managers integrations
--
++
++
Push-to-vault
--
--
++
GitGuardian CLI ggshield
(in pre-commit hooks)
++
++
++
VScode extension
++
++
++
Official open-source repositories
--
--
++
Public personal repos of developers and subcontractors
--
--
++
Regular update of this perimeter
--
--
++
Real-time monitoring of GitHub repos
--
--
++
Scan 6 years of past contributions
(Even if deleted or made private)
--
--
++
Specific and generic secrets detection
--
--
++
Keyword detection specific to your organization
--
--
++
Built-in validity and presence checks
--
--
++
Advanced contextual analysis that enhances precision & recall
--
--
++
Post-detection insights
--
--
++
Audit logs
--
--
++
Notifications via configured channels (Jira, Slack, etc.)
--
--
++
Alerts on events
(severity updates, notes, etc.)
--
--
++
Emails for new incidents, public events etc
--
--
++
Search Public GitHub with regex and full-text queries and scan results for secrets
--
--
++
SaaS
--
--
++
SSO login with SAML 2.0 or SCIM
--
--
++
Roles & permissions
--
--
++
REST API for programmatic and at-scale incident lifecycle management, custom webhooks
--
--
++
Onboarding program with dynamic attack surface mapping
--
--
++
Account management and customer success support
--
--
++
Ticket portal and live support
--
--
++
Secrets managers
--
++
++
Cloud identity and access management (IAM)
--
--
++
Cloud infrastructure configuration
--
--
++
Real-time inventory
--
--
++
Unified View
--
--
++
Ownership
--
--
Coming soon!
Permissions & access
--
--
++
End-to-end mapping (Sources, consumers, scope, leaks)
--
--
++
Policy breach context in an exploration graph
--
--
++
Push-to-vault
--
--
++
Safe revocation/rotation
--
--
++
Duplicated and reused secrets detection
--
--
++
Internal and public Incidents overview
--
--
++
Meeting the OWASP Top 10 policies
--
--
++
Vaulted secrets metrics
--
--
++
Amount included
--
--
Unlimited
Types supported
--
--
AWS IAM
Automated detection in code
--
--
++
Perimeter coverage tracking
--
--
++
Deployment jobs
--
--
++
Leakage detection on GitHub
--
--
++
IP enrichment & labeling
--
--
++
Enriched events stream
--
--
++
Incident response workflows
--
--
++
Billing metric
Add-on
Add-on
Developer endpoints (machines of devs with platform seats)
--
Contact Sales
Contact Sales
Standard endpoints (non-dev: marketing, ops, etc.)
--
Contact Sales
Contact Sales
Dev endpoints = platform seats (1:1 mapping)
--
++
++
Honeytoken per endpoint
--
1 per endpoint
1 per endpoint
Automated credential detection on machines
--
++
++
AI hooks on developer workstations
--
++
++
MCP inventory
--
++
++
SaaS
++
++
++
Data center regions
US
US / Europe
US / Europe
Self-hosted
(Helm or KOTS)
--
--
++
GitGuardian Bridge
--
--
++
SSO login with SAML 2.0 support and SCIM
--
++
++
Teams
--
Up to 20 teams
Unlimited
Roles
--
++
++
Inventory management
(with key/value custom tags & saved views)
++
Up to 100
++
++
IP allowlisting
++
++
++
Common Access Card (CAC)
--
--
++
Native integrations for %third parties with gg notifications integration%
++
Workspace-level
++
++
Event-driven webhooks
++
++
++
Analytics insights
++
++
++
Analytics charts
--
++
++
Export (.csv format)
--
++
++
REST API for workspace and
incident management
++
++
++
GitGuardian CLI for
developers (ggshield)
++
++
++
Quota
10,000
calls/month
100,000
calls/month
Unlimited
Audit logs (UI)
++
++
++
Audit logs (API)
++
++
++
Onboarding program
Self-service resources
(docs, guides)
++
++
Customer support
Ticket portal
Ticket portal
Ticket portal and live support
Support availability
N/A
Next business day
During
business hours
Premium support
--
--
Add-on
You have more than 500 developers? Let’s get you on our enterprise onboarding program.
.svg)
Build and rollout the most comprehensive secrets detection and remediation program.
Get support from a dedicated team of SREs for on-premise deployments
Design a phased rollout program with the help of our Solutions Engineering team
Train security and dev teams on vulnerability management and remediation
Schedule a 30-minute demo and get a complimentary report with your organization’s live incidents on GitHub.
The GitGuardian Platform provides unified secrets and NHI security through four core capabilities: Internal Secrets Monitoring (find leaks across code, CI/CD, and collaboration tools), Public Secrets Monitoring (catch what leaks on public GitHub), NHI Governance (protect every machine identity across your vaults and IAM systems), and Developer Endpoint Protection (extend coverage to the developer's own machine).
GitGuardian Platform licenses can be acquired via the AWS Marketplace. As an AWS ISV Accelerate partner, we offer seamless integration and streamlined procurement. Please visit https://aws.amazon.com/marketplace to learn more.
If you are a large organization looking to acquire several hundred licenses, you can also request a private offer from the GitGuardian team. Please contact sales@gitguardian.com.
These two products are complementary and available in the platform. They come in the form of two different dashboards. GitGuardian for Public Secrets Monitoring is typically used by Threat Response, while Internal Secrets Monitoring is typically used by Application Security.
This greatly depends however, on the way responsibilities are split between your teams. In any case, the look and feel of both GitGuardian dashboards are very similar, so that your team members aren’t lost when they use both products!
GitGuardian NHI Governance and Internal Secrets Monitoring gives you a complete NHI security picture. Governance finds all your secrets, and Internal Monitoring pinpoints leaks. This combo boosts accuracy, speeds up incident response by showing you exactly where secrets live, and helps prevent future leaks by guiding developers. Together, they make secrets management faster, safer, and more efficient.
Additionally, NHI Governance includes Honeytoken for preemptive threat detection.When Secrets Monitoring finds an exposed credential, you can deploy a honeytoken in its place. If an attacker attempts to use it, you get instant alerts—turning remediated incidents into tripwires for future intrusion detection.
For Public Secrets Monitoring: any publicly active developer who has made at least one public commit somewhere on GitHub.
For Interal Secrets Monitoring and NHI Governance: any active contributor to a project you are securing with GitGuardian who has made at least one commit in the last 90 days.
Developer Endpoint Protection is priced per endpoint per year, with two tiers:
Each endpoint includes at least one Honeytoken for passive threat detection. Contact us to get a count of your endpoints and a custom quote.
For Public Secrets Monitoring, the best option that you have is to reach out to us. We use many different rules to identify public activity that is linked with your company. It just takes one email to our support to get your company’s public activity metrics based on our historical data.
For Internal Secrets Monitoring and NHI Governance, a developer is an active contributor to a project you are securing with GitGuardian who has made at least one commit in the last 90 days. This applies to both Internal Secrets Monitoring and NHI Governance, as NHI Governance is part of the unified GitGuardian Platform and is priced per developer seat.
Our GitGuardian platform is free for repositories hosted under your GitHub Organization.
Our Public Secrets Monitoring product is charged based on your numbers of publicly active developers. Contributors to your Open Source projects aren’t always members of your development teams. We count these contributors only if they are actual employees. In such a case, we monitor these contributors wherever they commit on public GitHub, especially on personal and third party repositories.
Quota usage is based on requests and not on content amount or size. As an example, the scan of a single file, via single scan endpoint, and the scan of a commit involving multiple files, via multiple scan endpoint, both use 1 API call per request.
The quota is set on a rolling month basis (and not on calendar month). By default, we grant 10,000 calls/month on our free plans and 1M calls/month for our customers on the business plan. Those quotas can be fine tuned upon request.
We do! Please contact us.
