GitGuardian, the cybersecurity startup helping developers and companies become more secure, has raised €10.8 million in Series A funding, led by Balderton Capital. Scott Chacon, co-founder of GitHub, and Solomon Hykes, founder of Docker, also participated in the round.
Paris-based GitGuardian, founded in 2017, is a cybersecurity company that helps developers write more secure code and helps companies detect exposed sensitive ‘secrets’ (such as login details, API keys, and private cryptographic keys) that are leaked online every day, using a combination of sophisticated algorithms. Its real-time monitoring platform helps teams manage data leaks and prevent breaches that could cause millions of euros in potential damages. This is a problem faced by many companies today: in 2019, a SANS Institute survey found that half of company data breaches were the result of account or credential hacking.
Understanding the demand for GitGuardian requires knowing a bit more about how developers and companies work today. Enterprise software developers normally rely on GitHub, a public platform which allows working together online to build and refine code. The collaborative nature of this platform is what makes GitHub such a useful tool, yet it can also lead to “leakage” in which developers unwittingly expose sensitive company credentials to the public via their code repositories.
GitGuardian originally built its launch platform with public GitHub in mind, probably the best place to train its algorithms at scale. Today, however, GitGuardian is built to be able to monitor and notify on secrets that are inappropriately disseminated in internal systems as well, such as private code repositories or messaging systems.
GitGuardian’s technology works by linking developers registered on GitHub with their companies and scanning the content of over 2.5 million commits (or code revisions) per day in search of signs of company secrets. Once a secret is leaked, it takes just four seconds for GitGuardian’s technology to detect it and send an alert to the developer and a client’s security team. Its algorithm is constantly learning through a feedback loop with developers and teams, who rate with a single click how accurate each alert is and whether it was a true or false alert. This helps future-proof GitGuardian against the evolution of how secrets are leaked as well as the types of secrets.
Jérémy Thomas, Co-Founder and CEO at GitGuardian, comments: “Through our detection and alerting services, GitGuardian has already supported global government organisations, more than 100 Fortune 500 companies and 400,000 individual developers to date. Currently, every company with software development activities is concerned about secrets spreading within the organisation, and in the worst case, to the public space. As a company with so much sensitive information at hand, we have built a culture of unconditional secrecy at our core.”
GitGuardian plans to use the investment to expand its customer base, predominantly in the US. Around 75% of its clients are currently based in the US, with the remainder being based in Europe, and the funding will continue to drive this expansion. GitGuardian will also use funds to further develop its monitoring platform for private sites.