GitGuardian is a code security platform for the DevOps generation and the company has built an automated secrets detection and remediation platform. To learn more about the company, Pulse 2.0 interviewed Eric Fourrier, co-founder and CEO of GitGuardian.
Eric Fourrier’s Background
Eric Fourrier is an engineer who graduated from Ecole Centrale and he also has a degree in machine learning from Ecole Normale Supérieure in Paris. Fourrier first worked as a data scientist in the United States financial sector. Then he started his entrepreneurial journey by founding first Quantiops, a consulting firm specializing in big data analysis, and then GitGuardian in 2017.
Launching Of GitGuardian
GitGuardian’s secret detection engine was a side project when Fourrier was working full-time as a data scientist. The project started with collecting all the public commits pushed to GitHub in real-time.
“With so much data at hand and a bit of manual inspection, my cofounder and I were astonished by the order of magnitude of the secrets sprawl,” said Fourrier. “Every developer knows that no secret should be hardcoded in public source code. Yet we found thousands of credentials leaked on the platform… Per day. These credentials were leaked on personal repos, so at first, we thought most of these would be personal. But we found many corporate credentials with the potential to create tens of millions of dollars in damage.”
Challenges In Building The Company
I asked Fourrier about some of the challenges that the team faced while building the company.
Fourrier noted that the team was not coming from the cyber industry. So they had to learn how to responsibly disclose incidents in situations where there is a huge disproportion between the size of the company and the potential damage they helped prevent.
“We’re proud to consider ourselves the white-hatted guardians of Open Source. With so much sensitive information in hand, we had to build a culture of professionalism and seriousness,” Fourrier added. “We also managed to sign the majority of our deals in the US. 80% of our revenue is coming from there. We are extending our team’s local presence to serve even better these customers.”
Core Services
GitGuardian is known as a global cybersecurity startup focusing on code security solutions for the DevOps generation. And the company is known as a leader in the market of secrets detection and remediation with solutions that are already used by hundreds of thousands of developers in all industries.
GitGuardian essentially helps developers, cloud operation, security, and compliance professionals secure software development and define and enforce policies consistently and globally across all their systems. And GitGuardian’s solutions monitor public and private repositories in real-time, detect secrets, sensitive files, and IaC misconfigurations, and alert to allow investigation and quick remediation.
The company’s secrets detection engine has been detecting secrets on public GitHub since late 2017. Whenever developers leak a secret on public GitHub repositories, GitGuardian has made it its duty to notify them on time so they can take action. Over 3,000 emails are sent out every day.
“In 2020, we launched our secrets detection platform for the SDLC. The platform detection engine has been improved year after year and now covers more than 350 types of secrets. It is battle-tested at scale on the whole public GitHub activity. It is now an enterprise-grade solution with native integrations to the major version control systems (GitHub, GitLab, Azure DevOps, and Bitbucket), capacities to handle very large repositories, and features to facilitate collaboration between appsec and development teams,” Fourrier explained. “It is also integrated with most common SIEM, ITSM, ticketing systems, and chat to integrate with companies’ alerting flows. Infrastructure as code security was added to the platform at the end of 2022, and new components are about to be announced.”
Biggest Milestones
I asked Fourrier about the company’s biggest milestones. These are the bullet points:
– 2017 – GitGuardian was created in Paris
– 2018 – GitGuardian Public Monitoring was launched
– 2019 – The company raised a $12 million Series A funding round
– 2020 – GitGuardian Internal Monitoring was launched
– 2021 – The company became the n°1 security app on the GitHub marketplace. And the company also raised a $44 million Series B
– 2022 – The company signed its largest deal, protecting a very large American company with more than 8,000 developers from secrets sprawl. And the company reached 100 Guardians.
– 2023 – GitGuardian is now available on the AWS marketplace. And at least 2 new modules will be added to the GitGuardian platform.
Customer Success Story
When I asked Fourrier about a customer success story, he cited an anecdote from Edvinas Urbasius, who is a security operations center (SOC) analyst at a wholesaler/distributor with over 10,000 employees. GitGuardian has helped their team increase productivity as it provides information about what projects the developers are working on.
Funding
GitGuardian has raised $56 million in total funding to date from Eurazeo, Sapphire, Balderton, and several notable tech entrepreneurs like Scott Chacon (co-founder of GitHub) and Solomon Hykes (co-founder of Docker).
Total Addressable Market (TAM)
Fourrier noted that they are targeting large companies that have at least 200 developers and are mature in cloud and DevOps adoption. GitGuardian operates in the following markets: Application Security ($11.55 billion), DevSecOps ($5.9 billion), Cloud Security ($16.04 billion), and Supply Chain Security ($2 billion). Plus the secret detection market by itself represents a $10 billion market in 2025. Now they see the most traction in verticals like finance, big IT shops, and software vendors.
Differentiation From The Competition
GitGuardian has been widely adopted by developer communities and it is used by over 300,000 developers. Plus it is the number one security application on the GitHub Marketplace.
The company’s on-premise or SaaS deployment capabilities, its great robustness, its capacity to integrate with multiple VCS, and its ability to manage very large development teams also make it a preferred solution for large accounts such as Instacart, Snowflake, Orange, Talend, Maven Wave, or Payfit.
“An enterprise solution must go beyond detection and offer rich features to remediate at scale. This is the case for GitGuardian,” Fourrier pointed out. “Our detection engine is one of the best on the market. We enriched the platform with key features such as automated severity scoring, playbooks, RBAC, Dev in the loop, occurrences management… We strongly believe that the cooperation between Application Security, DevOps, CloudOps engineers, and developers is key to conquering hardcoded secrets.”
Future Goals
What are some of the company’s future goals? “We keep creating exciting new projects to explore today’s and tomorrow’s software supply chain security threats. In its ongoing efforts to build a code security platform for the DevOps generation, we are actively adding new capacities around remediation, Infrastructure as code security, and intrusion detection,” Fourrier replied.