Case Study

GitGuardian: Mastering secure code from the ground up

Managing software vulnerabilities presents a significant challenge, especially with the constant emergence of new exploits. This case study unveils how GitGuardian not only fortified its code security but also significantly streamlined the management of Common Vulnerabilities and Exposures (CVEs), ensuring the delivery of secure software containers to its high-caliber users across public and private sectors.

Challenge

GitGuardian’s challenge was multifaceted, rooted not only in the need to manage a burgeoning backlog of CVEs that imposed a significant burden on the triage and remediation teams, but also in the trust and compliance requirements integral to their operations and customer relationships.

The team was inundated with vulnerabilities across their software containers, making the task of patching and updating not just daunting, but costly to manage efficiently with a small but dedicated team of full-time engineers.

The pressure of meeting customer demands for shipping software with minimal — if not zero — CVEs highlighted how critical this challenge was to maintaining customer trust and meeting contractual obligations. This was especially apparent for major U.S. customers and prospects in highly regulated sectors like defense and public services, regardless of whether deployment was on-prem or cloud-based.

The manual process of addressing these vulnerabilities was resource-intensive, leading to a significant operational burden that diverted attention from innovation and product development. Furthermore, GitGuardian’s ambition to pursue security and compliance requirements introduced additional complexity, requiring them to uphold the highest standards of security and vulnerability management while navigating the rigorous compliance landscape.

"Security is in the DNA of GitGuardian. And Chainguard really made sense when we started to look at how to streamline and make sure we don't ship our software with any vulnerabilities because that is a really big part of our story."

Romain Jouhannet, Sr. Product Manager

Solution

The adoption of Chainguard Images marked a pivotal shift in GitGuardian’s approach to securing their container environments. This strategic move was driven by the pressing need to reduce the number of vulnerabilities and streamline the entire process of vulnerability management.

The benefits were immediately clear as GitGuardian witnessed a drastic reduction in CVEs — eliminating them entirely, a 100% reduction. They went from facing numerous critical and high vulnerabilities to a state where such vulnerabilities were literally nonexistent, in addition to a 33% reduction in image size.

The solution not only simplified GitGuardian’s vulnerability management, but also expedited the delivery of more secure software versions. Chainguard Images helped them refocus on their core business and the innovations driving customer value, rather than being bogged down by continuous patching. This efficiency was particularly crucial for GitGuardian, as they promise short SLAs on patching critical vulnerabilities — a commitment now more easily met with Chainguard’s rapid patching turnaround times.

Looking ahead, GitGuardian is excited about further innovations the time saved using Chainguard Images has helped them unlock, such as expanding their secret detection capabilities beyond source code and tackling new types of vulnerabilities. Their goal is to broaden their security footprint and continue providing customers with the most secure, compliant, and efficient solutions possible.

About

GitGuardian, a leader in securing code from vulnerabilities, detects sensitive data hidden in your repositories by monitoring public and private source code, and other data sources. GitGuardian is used by hundreds of thousands of developers worldwide.

Industry

Software Security

Employees

166

Cloud platform

AWS
