🦉 What is GitGuardian?

GitGuardian Secrets Detection detects and fixes vulnerabilities in source code at every step of the software development lifecycle, covering 350+ types of secrets like API keys, database connection strings, private keys, certificates, and more. The platform’s policy engine enables security teams to monitor and enforce rules across their VCS, DevOps tools, and infrastructure-as-code configurations. Our automated remediation playbooks and collaboration features bring security and development teams together to resolve incidents fast and in full.

1. Scan your codebase for 350+ types of secrets

GitGuardian scans your GitHub repositories and raises alerts only for critical secrets, such as API keys or other credentials. At scale, GitGuardian’s detection algorithm has been battle-tested on over three years of activity in all public GitHub repositories – totaling over 1 billion scanned commits!

2. Quickly remediate your hard-coded secrets

If you ever experience a leak involving a credential, we have a complete remediation guide used by 100k+ developers each year. We’ll show you how to revoke the secret and remove it from your git history.

3. Prevent secrets from reaching GitHub

Install ggshield, the GitGuardian CLI, and add secrets detection to your local development workflow using pre-commit and pre-push git hooks integrations.

🙋‍♂️ FAQ

What is your pricing?
GitGuardian is free for teams under 25 developers and offers a 30-day trial for larger teams.

How can I be sure that GitGuardian won’t raise too many false positives?
We have scanned billions of commits, sent millions of alerts since 2018, and integrated each feedback to improve our algorithm. Our alerts currently receive 91% “true positive” feedback from developers.

My repositories are private; why should I install automated secret detection?
Imagine if there were a plain text file with all your credit card numbers inside, you wouldn’t put this file inside your company’s git repository. Secrets are just as sensitive and should be handled with special care.

Is GitGuardian available to be installed on-premise?
Yes, you can contact one of our security specialists to look over the possibility of installing GitGuardian on-premise on your repositories.

⚒️ Installation notes

You should install GitGuardian directly through your GitGuardian workspace on the Integration settings page.

So that you know, your GitHub organization or GitHub account can only be associated with a single GitGuardian workspace.

👋 Support

If you experience any difficulties or have any questions, please reach out to us by email (support@gitguardian.com).