GitGuardian Reviews & Product Details

it is very easy to implement and does not require heavy configuration to start delivering value. The onboarding process is straightforward, and integrations with GitHub and CI/CD pipelines work smoothly, allowing teams to get up and running quickly. I use GG frequently as part of daily development and code review workflows, and it fits naturally without slowing anyone down.

Customer support has been responsive and helpful whenever clarification or guidance was needed, especially during initial setup and alert tuning. The accuracy of secret detection, combined with clear alerts and remediation guidance, makes it a practical security tool that developers actually trust and consistently use. Review collected by and hosted on G2.com.

The pricing may seem somewhat steep for smaller teams or early-stage startups, particularly when expanding usage to multiple repositories. At first, some alerts might need to be adjusted to minimize unnecessary notifications, which involves a bit of a learning curve. Furthermore, the advanced features and options for policy customization could offer greater flexibility, especially for organizations that have highly specific internal security processes. Review collected by and hosted on G2.com.

GitGuardian delivers immediate detection and response. When a sensitive file, credential, or secret slips into a commit, it flags it within seconds and pinpoints the exact line that triggered the alert. The platform forces clarity: it shows the severity, lets me classify the criticality, and pushes fast remediation instead of noise. The value is precision, speed, and zero guesswork. Review collected by and hosted on G2.com.

The alerting is fast, but the volume can feel heavy when working across multiple repos with frequent commits. False positives still appear, which adds review time. The remediation steps are clear, yet the interface for navigating multiple incidents can feel cluttered, and sorting through similar alerts requires extra manual filtering. Review collected by and hosted on G2.com.

The auto review of the files after pushing and the detection system of the secrets is top notch of the Gitguardian. That's what I love most about it. Review collected by and hosted on G2.com.

Nothing specific but the process of finding the leaked variable is a little difficult which can be improved Review collected by and hosted on G2.com.

I like GitGuardian best for its real-time detection of secrets (like API keys and credentials) in both public and private repositories, its easy integration with developer tools and CI/CD pipelines, and its powerful, intuitive dashboard for incident management. The platform groups and prioritizes alerts smartly, minimizing false positives and enabling fast, context-aware remediation. Many reviewers also mention its broad language support, seamless integration with GitHub and GitLab, and automated remediation workflows as standout features. Review collected by and hosted on G2.com.

While GitGuardian is a great tool, there are occasional false positives that require manual review. Setting up custom policies or integrating with certain on-prem pipelines also takes a bit more work. However, these minor issues are outweighed by the overall value the platform provides. Review collected by and hosted on G2.com.

I like the fact GitGuardian automatically checks and find all the secrets or suspicious things in the code and helps developers discovering them. This, although seems little for a non-developer is a very big thing as these secrets can leads to major data loss, security concerns and even loss of business. Review collected by and hosted on G2.com.

Could be a little more powerful to detect all the secrets and also not pose a threat if something is not a secret even if it looks like so. Example env variables should be skipped. Review collected by and hosted on G2.com.

It is able to catch missed secrets, fast. It is automated so it is easy to sue and implemented/integrated automatically. It is always active so it detects new issues as fast as they are committed, usage is good. Never had to try to reach out to customer support, so that's a plus. Review collected by and hosted on G2.com.

Removing false flag has a not-good-enough UX. Review collected by and hosted on G2.com.

It protects against distractedly publishing information that passes inspection when AI engines create .gitignore files. It can even find it in a casual comment. Review collected by and hosted on G2.com.

Not a major downside, but sometimes it flags test strings, dummy values. Review collected by and hosted on G2.com.

I fancy that GitGuardian let's me know almost all the possible issues with leaked passwords as there is to know. Review collected by and hosted on G2.com.

I can't really think of something I dislike about their service. We're all progressing in life and so are the systems. Maybe in future it is possible to scan *example set passwords and flag them as not a real hard coded password, with the use of ai. Review collected by and hosted on G2.com.

Automated secrets checking and an incident dashboard -- and for free! Once the extension is installed and/or the cli, use is nearly effortless. AI assistants easily perform scans with little prompting specificity required, so the barriers to integration are pretty low too. Review collected by and hosted on G2.com.

In my experience, secret remediation hasn't been as automated as I would find helpful, at least with my current setup. However, I should note that I haven't fully explored all the available options in this area yet. Review collected by and hosted on G2.com.

This tool is the best solution I've found for addressing the issue of sharing secret keys through bad practices. Review collected by and hosted on G2.com.

At the moment, this isn't an issue for me. Review collected by and hosted on G2.com.