GitGuardian has been thinking about this problem for the past two years
After stumbling on the issue, the company’s co-founders, Jérémy and Eric, built a unique engine that recognises secrets and generates a notification every time one is seen somewhere it shouldn’t be. The first public project they launched around this technology was GitGuardian. GitGuardian monitors public GitHub and, every time it spots a secret, emails the appropriate developer to notify them of their potential leak.
What started as an interesting project became a lot more when they realised the sheer scale of the problem. Yes, many leaks are relatively harmless - small side projects that might leak a personal AWS account. However, it turns out that there are also huge ones. Ecommerce leaks that would allow a hacker access to millions of customer records. Corporate leaks that could generate tens of millions of dollars in losses, regulatory fines and litigation settlement. Even government leaks that could literally threaten national safety.
Despite stumbling on so obvious a problem and building a solution, the path has not been easy for Eric and Jérémy. While their service quickly got adoption from end developers (34,000 from thousands of companies use it today for free), they soon discovered that potential customers were often afraid of engaging in case their leaks became public. Rather than using technology to monitor and fix the problem, these companies tried ignoring it and shutting down conversations, worried about publicity, blackmail and more.
Over the last year, the team has learned to harness that negativity and turn it positive. A number of leading technology companies, run by the most highly regarded technical leadership teams, have realised that this problem is here to stay. Cumbersome security processes will always fail to catch every corner case when the pressure is on to build faster and collaborate more freely.
A system like GitGuardian’s that can monitor both public and private repositories, messaging systems and development processes means that you have instant, always-on insurance that any slip will be quickly detected and fixed. The team have gone from awkward silences to selling multi-year contracts to large US corporations, all from a small office in Paris.