Trusted by thousands of developers on GitHub; currently ranking number one in both the Security and Monitoring categories and second overall for third-party applications
(Paris, FR) – August 17, 2021 - GitGuardian, a cybersecurity start-up specializing in securing software development with automated secrets detection and remediation, announces availability on the GitHub Marketplace. This allows DevOps, Security, and Developer to implement automated secrets detection and remediation in their git repositories. GitGuardian on GitHub Marketplace makes code security accessible and easy to install.
As of August 11, 2021, GitGuardian had 104k installs on GitHub, as can be seen on the marketplace. The second most installed security application is Snyk, with 47k installs. Both solutions are complementary, and lead the way toward helping Dev, Sec and Ops collaborate to remediate code security issues together.
GitGuardian’s research, that was a result of constant monitoring of every single commit pushed to public GitHub, indicates an alarming growth of 20% year-over-year in the number of secrets found. A growing volume of sensitive data, or secrets, like API keys, private keys, certificates, usernames and passwords end up publicly exposed on GitHub, putting corporate security at risk as the vast majority of organizations are either ignoring the problem or poorly equipped to cope with it.
“On behalf of the entire GitGuardian team, to the 100k developers who have installed GitGuardian, I want to express our gratitude for your trust,” said Jeremy Thomas, CEO of GitGuardian. “We are humbled to be the second most installed third-party app of the whole marketplace, playing alongside giants like Travis (the most installed app overall)”.
With this integration, organizations can:
- Install GitGuardian on GitHub repositories directly from GitGuardian’s product page on the GitHub Marketplace
- Configure GitGuardian’s access to GitHub repositories from the dedicated GitHub account page
After installation, the GitGuardian App will automatically scan any new commits pushed to selected repositories for leaked credentials and secrets. It will also run a historical scan on all commits made prior to its installation to detect any past leaks and give users a full overview of their repositories’ health. GitGuardian for Internal Repositories Monitoring is:
- Available for free for individual developers or Open Source projects
- Available for free for teams of 25 developers or less
- Available immediately
For more information on our pricing plans, please visit gitguardian.com/pricing.
Additional information 2021 State of Secret Sprawl on GitHub - How Leaky can it Git. Secrets Detection learning center
GitGuardian Public Monitoring allows real-time GitHub scanning and alerting to uncover sensitive company information hiding in online repositories. It monitors both organization repositories and developers' personal repositories. The solution gives visibility to developers and security teams on this very critical blind spot that are the organization developers' personal repositories on GitHub (80% of leaked corporate secrets on public GitHub come from developers’ personal repositories). GitGuardian Public Monitoring is particularly interesting for companies with large development teams (above 200 developers) and modern development practices.
GitGuardian Internal Monitoring is an automated secrets detection & remediation solution. It integrates with the Version Control System to further secure the software development life cycle. It scans existing code as well as incremental changes to detect secrets (API keys, database credentials, certificates). GitGuardian has a native integration with GitHub, GitLab and Bitbucket and there is both a SaaS and an on-premise version available. It is also integrated with most common SIEM, ITSM, ticketing systems and chat to integrate with companies’ alerting flows.
GitGuardian detection algorithm, common to both products, was battle-tested at scale on the whole public GitHub activity for over three years. Scanning is done continuously but also on git history to ensure total coverage. The secret detection engine covers 250+ API providers, database connection strings, private keys, certificates, usernames and passwords and allows also to build custom detectors.
Connect with GitGuardian
Twitter: @GitGuardian