How big is your team? GitGuardian is free for teams below 25 devs. And it will make sure secrets don't make it to your code and highlight any historical leaks too.
ChatGPT may not be used by all organizations and may even be banned. But that doesn't mean you don't have exposure to the security risks it contains. This post looks at why ChatGPT should be part of your threat landscape.
Well, GitGuardian is free for individual developers (20K of them use it - n°1 app on GitHub Marketplace) and for teams below 25. So I guess the masses can enjoy secrets-free code! https://github.com/marketplace/gitguardian
I stand corrected on this, but what I’d argue is it’s not an affordable solution for medium-sized companies and non-profits who don’t swim in cash. It could be that our example is unusual (big non-profit), but when we evaluated GG the pricing left a sour taste.
More specifically, none of the paid security products we use cost nearly as much, and those products do much more than just detecting secrets. So from that standpoint, the pricing just seems outrageous. It’s pretty clearly aimed at big enterprises that can afford it and are vulnerable to FUD (while the “hobbyist” pricing is just free advertising). I don’t blame them for finding a way to make big money, but this business model is not what we’d pick.
You can definitely use pre-commit hooks for this, like the one from ggshield https://github.com/GitGuardian/ggshield - remediation is far quicker when the secret doesn't make it to the codebase!