GitGuardian, the world's leading secret detection* platform, today announced a $44 million growth round. Led by Eurazeo and joined by Sapphire, with participation from existing investors including Balderton, BPI and Fly Ventures. The round reflects GitGuardian’s accelerated adoption among enterprises’ security and development teams, as well as individual developers.
GitGuardian is trusted by large companies such as Talend, Mirantis, Instacart, Genesys, Now: Pensions and Maven Wave. The investment round will be used to accelerate the strategies that drove GitGuardian to quadruple its recurring revenue in both 2020 and 2021, extend its secret detection solution to become a comprehensive code security platform, expand its go-to-market, and grow its teams across the US and Europe.
In 2022, GitGuardian will establish a strong presence in the United States, with Jeremy Thomas, the founder and CEO, moving from France to open the American office and recruit key team members to better address this strategic market that already represents 75% of GitGuardian’s revenue.
The unmet demand of code security platforms
The way applications are built has changed drastically, creating largely unmet needs and the proliferation of vertical DevSecOps solutions. As software rules the world, the ability to deliver secure applications quickly is a competitive advantage, even in the most physically-rooted industries.
Achieving this requires a total change in the way applications are built:
Organizational change: Large, growing, distributed Dev, Sec, and Ops teams producing more code, faster.
Technological change: DevOps-native applications are no longer standalone monoliths. They are made up of an increasing number of building blocks (cloud infrastructure, managed databases, SaaS applications, open-source components, internal microservices, etc.), technologies and frameworks.
Cultural change: Security is now a shared responsibility between Dev, Sec and Ops teams, which is continually addressed throughout the Software Development Life Cycle (SDLC) so that defects can be identified earlier and remediated at lesser costs.
These new ways of building software create the necessity to support new vulnerabilities and new remediation workflows. These needs have emerged so abruptly that they have given rise to a young and highly fragmented DevSecOps tooling market. Solutions are specialized based on the type of vulnerabilities being addressed: SAST, DAST, IAST, RASP, SCA, Secrets Detection, Container Security, and Infrastructure as Code Security.
A need for security platforms to enforce code security at scale has emerged
The “Application Security (AppSec) Shared Responsibility Model” is emerging as the only approach to AppSec that is truly scalable and finally allows the unlock of secure applications’ quick release. However, developers are underserved in terms of code security tools. The market is fragmented, tools are not educational and triggering irrelevant alerts that are harming developers’ productivity. They are often not well-integrated into the developers’ workflow.
With 150M developers on the different code hosting platforms (GitHub, GitLab, Bitbucket) in 2025, the code security market is estimated to reach between $50B and $100B.
GitGuardian, founded in 2017 by Jérémy Thomas and Eric Fourrier, has emerged as the leader in secrets detection and is now focused on enabling the Shared Responsibility Model of AppSec by starting first with getting the developers' experience right.
Jérémy Thomas, GitGuardian CEO shares his vision: “GitGuardian's mission is ambitious but is built on a very simple philosophy at its core. Developing and launching secure applications must be a shared responsibility between Dev, Sec and Cloud Ops. Developers in particular, want a wingman at every step of the SDLC to help them write more secure code without limiting their productivity. And as defining threat signatures and keeping pace with the thousands of technologies that developers use will always be a never-ending battle, we have already laid the foundation of a powerful and flexible code security framework that can be extended rapidly to encode a wide variety of vulnerabilities.”
From secrets to a wide variety of vulnerabilities
GitGuardian’s powerful and flexible framework currently addresses secrets detection. With more than 300 detectors, it can detect secrets in both public and private repositories and containers and be deployed either in SaaS or on-premise. With more than 130K installs, GitGuardian is the n°1 security application on the GitHub Marketplace. Its enterprise-grade features truly enable AppSec and Development teams in a collaborative manner to deliver a secret-free code.
With this funding, GitGuardian will build from its secret detection expertise and extend to encode a wide variety of vulnerabilities to compete with legacy code security platforms.
Its massive dataset and large developer community will allow fast testing. Broadening the detection scope will increase numbers of high assurance and high-value findings, making GitGuardian even more relevant for enterprises, individual developers and small development teams.