GitGuardian
This app is not approved by Slack.Apps are reviewed to ensure a quality experience. Learn more.
Secure Your Collaboration. Protect Your Business!
GitGuardian is the first end-to-end NHI security platform empowering organizations to prevent breaches resulting from leaked secrets and mismanaged identities.With attackers increasingly targeting non human identities (NHIs), such as service accounts, securing machine accounts and credentials becomes a priority. Once a secret is leaked, it remains a security risk until addressed—regardless of when and where it was exposed.GitGuardian For Slack (US instance) scans for hardcoded secrets—such as API keys, credentials, and tokens—across both new activity and historical content in your Slack environment. This means you can instantly identify and remediate exposed secrets, whether they were just shared or left unnoticed. Why GitGuardian?• Unmatched Accuracy & Breadth: Best-in-class detection engine with a 92% true positive rate, leveraging 420+ secret detectors, trained on billions of GitHub commits
• Extensive coverage: Scanning across your entire dev ecosystem (GitHub, GitLab, Bitbucket, Docker, Slack, Jira, Confluence, etc...)
• Remediation Power: Offers built-in remediation playbooks and automated workflows for fast time-to-fix.
• Enterprise-Proven Scalability: Proven at enterprise scale, onboarding 15,000+ developers or more, and offers a centralized audit view with rich contextual metadata for effective risk assessment and compliance.
• Developer Adoption & Efficiency: The #1 most downloaded security tool on GitHub Marketplace, fostering voluntary developer adoption and resulting in 3x fewer false positives than competitors, saving valuable developer time.Check out our pricing and start protecting your environment now
GitGuardian is the first end-to-end NHI security platform empowering organizations to prevent breaches resulting from leaked secrets and mismanaged identities.With attackers increasingly targeting non human identities (NHIs), such as service accounts, securing machine accounts and credentials becomes a priority. Once a secret is leaked, it remains a security risk until addressed—regardless of when and where it was exposed.GitGuardian For Slack (US instance) scans for hardcoded secrets—such as API keys, credentials, and tokens—across both new activity and historical content in your Slack environment. This means you can instantly identify and remediate exposed secrets, whether they were just shared or left unnoticed. Why GitGuardian?• Unmatched Accuracy & Breadth: Best-in-class detection engine with a 92% true positive rate, leveraging 420+ secret detectors, trained on billions of GitHub commits
• Extensive coverage: Scanning across your entire dev ecosystem (GitHub, GitLab, Bitbucket, Docker, Slack, Jira, Confluence, etc...)
• Remediation Power: Offers built-in remediation playbooks and automated workflows for fast time-to-fix.
• Enterprise-Proven Scalability: Proven at enterprise scale, onboarding 15,000+ developers or more, and offers a centralized audit view with rich contextual metadata for effective risk assessment and compliance.
• Developer Adoption & Efficiency: The #1 most downloaded security tool on GitHub Marketplace, fostering voluntary developer adoption and resulting in 3x fewer false positives than competitors, saving valuable developer time.Check out our pricing and start protecting your environment now
Permissions
GitGuardian will be able to view:
GitGuardian will be able to do:
Review the details to better understand this app’s security practices. To learn more about assessing apps for your workspace visit our Help Center.
General
Developer
GitGuardian
Company headquarters location
France
Terms of service
Privacy & data governance
Data retention policy
GitGuardian shall retain data as long as the company has a need for its use, or to meet regulatory or contractual requirements. Once data is no longer needed, it shall be securely disposed of or archived. System owners, in consultation with legal counsel, may determine retention periods for their data. Retention periods shall be documented in the Data Retention Matrix in Appendix B to this policy.
Data archiving and removal policy
Data classified as restricted or confidential shall be securely deleted when no longer needed. GitGuardian shall assess the data and disposal practices of third-party vendors in accordance with the Third-Party Management Policy. Only third-parties who meet GitGuardian requirements for secure data disposal shall be used for storing and processing restricted or confidential data.
GitGuardian shall ensure that all restricted and confidential data is securely deleted from company devices prior to, or at the time of disposal.
Personally identifiable information (PII) shall be collected, used and retained only for as long as the company has a legitimate business purpose. PII shall be securely deleted and disposed of following contract termination in accordance with company policy, contractual commitments and all relevant laws and regulations. PII shall also be deleted in response to a verified request from a consumer or data subject, where the company does not have a legitimate business interest or other legal obligation to retain the data.
Data storage policy
Confidential data is subject to the following protection and handling requirements:
- Access for non-preapproved roles requires documented approval from the system owner
- Access is restricted to specific employees, roles and/or departments
- Confidential systems shall not allow unauthenticated or anonymous access
- Confidential Customer Data shall not be used or stored in non-production systems/environments
- Confidential data shall be encrypted at rest and in transit over public networks in accordance with the Cryptography Policy
- Mobile device hard drives containing confidential data, including laptops, shall be encrypted
- Mobile devices storing or accessing confidential data shall be protected by a log-on password or passcode and shall be configured to lock the screen after five (5) minutes of non-use
- Backups shall be encrypted
- Confidential data shall not be stored on personal phones or devices or removable media including USB drives, CD’s, or DVD’s
- Paper records shall be labeled “confidential” and securely stored and disposed of in a secure, approved manner in accordance with data handling and destruction policies and procedures
- Hardcopy paper records shall only be created based on a business need and shall be avoided whenever possible
- Hard drives and mobile devices used to store confidential information must be securely wiped prior to disposal or physically destroyed
- Transfer of confidential data to people or entities outside the company shall only be done in accordance with a legal contract or arrangement, and the explicit written permission of management or the system owner
Restricted Data Handling
Restricted data is subject to the following protection and handling requirements:
- Access is restricted to users with a need-to-know based on business requirements
- Restricted systems shall not allow unauthenticated or anonymous access
- Transfer of restricted data to people or entities outside the company or authorized users shall require management approval and shall only be done in accordance with a legal contract or arrangement, or the permission of the system owner
- Paper records shall be securely stored and disposed of in a secure, approved manner in accordance with data handling and destruction policies and procedures
- Hard drives and mobile devices used to store restricted information must be securely wiped prior to disposal or physically destroyed
Public Data Handling
No special protection or handling controls are required for public data. Public data may be freely distributed. Public GitHub data is considered as public data and handled as such.
Data center location(s)
United States
Data hosting details
AWS RDS with full at-rest and in-transit encryption
Data hosting company
AWS
App/service has sub-processors
yes
Guidelines for sub-processors
App/service uses large language models (LLM)
no
Certifications & compliance
SOC attestation
Privacy Shield notice
GDPR commitment
Data deletion request procedure
Address your data deletion requests to legal@gitguardian.com.
GitGuardian shall return your Data or, delete your Data in accordance with the procedures and timeframes specified in the Security Documentation, or upon written request from you approved by the GitGuardian.
See the dedicated section in https://www.gitguardian.com/legal/data-processing-addendum
HIPAA compliant
no
While this app may offer HIPAA compliance, Slack does not have a business associate agreement with any third-party application providers, including those in the Slack Marketplace, so you are responsible for validating the provider's compliance and executing an appropriate agreement before enabling.
Security
Date of latest pen test
2024-11-25
Executive summary is available to potential customers upon request
yes
Supports Single Sign On (SSO) with the following providers
Google, Okta, Auth0, Microsoft Entra ID, Duo, Keycloak
Supports Security Assertion Markup Language (SAML)
yes
Has a dedicated security team
yes
Contact for security issues
security@gitguardian.com
Has a vulnerability disclosure program
yes
Vulnerability disclosure program URL
Vulnerability disclosure program covers Slack app
yes
Has a bug bounty program
yes
Bug bounty program URL
Requires third party authorization/connections
no
Third party services used by this app
See full list here: https://www.gitguardian.com/legal/subprocessors
Uses token rotation
yes