PARIS, Oct. 18, 2022 — GitGuardian,
the enterprise-ready automated secrets detection and remediation
platform, is expanding its capabilities to new security verticals.
GitGuardian is now building a comprehensive platform to help development
and security teams write, maintain, and run secure code anywhere.
everything-as-code movement GitGuardian is securing has taken multiple
domains by storm and elevated code to the ranks of the most valuable
asset an organization can own. Often overlooked in the inventories of
organizations, security teams have just awakened to the need to secure,
protect, and continuously monitor the software development lifecycle
(SDLC) for risks like tampering, code leakage, hardcoded credentials, and more.
GitGuardian's product suite already provides such capabilities, but the company is now looking to consolidate everything into one single platform:
- Secrets detection and remediation; GitGuardian helps security and development teams reduce the risks of secrets exposure in the software development lifecycle.
- Public GitHub monitoring; GitGuardian helps organizations secure their extended attack surface by monitoring GitHub for leaked secrets and sensitive data.
- Source code leakage detection; GitGuardian continuously scans public GitHub to look for proprietary code leaked from private repositories.
- SDLC intrusion detection;
GitGuardian enables security teams to deploy canary tokens at scale in
their DevOps environments and lure attackers into revealing themselves.
movement has also blurred the boundaries between Application Security
and Cloud Security. With Infrastructure-as-Code (IaC), both the
application and cloud infrastructure layers have collapsed onto one
another in git-based Version Control Systems.
software-defined infrastructure has unlocked automated cloud resource
deployment with more speed and consistency for engineering teams, it is
still fraught with risks. Gartner expects that through 2023, at least
99% of cloud security failures will be the user's fault, mainly
misconfigurations. Such errors propagate from code to cloud-native
environments, exposing critical workloads and resources on the way.
To help Cloud Security teams protect their organization's infrastructure at the source, GitGuardian is adding Infrastructure-as-Code scanning for security
misconfigurations to its platform. And in the spirit of Shift Left
security, the company is enabling this through its popular open-source
command-line interface (CLI) for developers, ggshield.
this initial release, developers and Site Reliability Engineers will be
able to find and fix over 60 types of security misconfigurations in
Terraform files — while they develop.” says Eric Fourrier, GitGuardian
co-founder and CTO.
GitGuardian’s initial focus in Infrastructure-as-Code security
is Terraform and AWS. Still, it plans to enrich its
Infrastructure-as-Code policies directory, support additional cloud
services providers like Azure and Google Cloud Platform, and integrate
scanning natively in developer workflows on GitHub, GitLab, or
In its ongoing efforts to build a code security platform for the DevOps generation, GitGuardian is also actively exploring opportunities in areas such as Static Application Security Testing (SAST) and Software Composition Analysis (SCA).
founded in 2017 by Jérémy Thomas and Eric Fourrier, has rapidly emerged
as the leader in automated secrets detection and is now focused on
providing a comprehensive code security platform. The company has raised
a $56M total investment from Eurazeo, Sapphire, Balderton, and notable
tech entrepreneurs such as Scott Chacon, co-founder of GitHub, and Solomon
Hykes, co-founder of Docker.
GitGuardian Internal Monitoring
helps organizations detect and fix vulnerabilities in source code at
every step of the software development lifecycle. With GitGuardian’s
policy engine, security teams can monitor and enforce rules across their
VCS, DevOps tools, and infrastructure-as-code configurations.
adopted by developer communities, GitGuardian is used by over 200,000 developers and is the #1 app in the security category on the
GitHub Marketplace. GitGuardian is also trusted by leading companies,
including Instacart, Genesys, Orange, Iress, Beyond Identity, NOW:
Pensions, and Stedi.
GitGuardian Internal Monitoring is an automated secrets detection and remediation platform. By reducing the risks of secrets exposure across the SDLC, GitGuardian helps software-driven organizations strengthen their security posture and comply with frameworks and standards.
Its detection engine is
trained against over a billion public GitHub commits yearly. It covers
350+ types of secrets, such as API keys, database connection strings,
private keys, certificates, and more.
GitGuardian brings security and development teams together with automated remediation playbooks and collaboration features to resolve incidents quickly and thoroughly. Organizations can achieve higher incident closing rates and shorter fix times by pulling developers closer to the remediation process. Please visit the official website to learn more about GitGuardian Internal Monitoring, the enterprise-ready automated secrets detection, and remediation platform.