talisman VS ggshield

Compare talisman vs ggshield and see what are their differences.

talisman

Using a pre-commit hook, Talisman validates the outgoing changeset for things that look suspicious — such as tokens, passwords, and private keys. (by thoughtworks)

ggshield

Find and fix 400+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations. (by GitGuardian)
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured
talisman ggshield
5 23
1,918 1,689
0.5% 0.8%
6.6 9.5
5 months ago 6 days ago
Go Python
MIT License MIT License
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

talisman

Posts with mentions or reviews of talisman. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-07-07.

ggshield

Posts with mentions or reviews of ggshield. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-05-30.
  • Ask HN: How can we open-source a 7 year old SaaS codebase and build a community?
    2 projects | news.ycombinator.com | 30 May 2024
    You could just switch the existing repo(s?) to public. If secrets in the commits are a concern you can use stuff like GitGuardian (https://gitguardian.com)
  • Tools for checking your code?
    1 project | /r/devops | 10 Apr 2023
    For secrets scanning you can implement ggshield precommit hook. : https://github.com/GitGuardian/ggshield
  • What do i tell him?
    2 projects | /r/ProgrammerHumor | 25 Mar 2023
    I believe you'll get all the information you need on their website
  • Infrastructure as Code Security [Security Zines]
    1 project | dev.to | 6 Jan 2023
    The GitGuardian's CLI, ggshield, was recently updated to support IaC misconfigurations scanning: it's as easy as  ggshield iac scan path_to_iac_main_folder.
  • GitHub Access Token Exposure
    6 projects | news.ycombinator.com | 20 Nov 2022
  • How To Use ggshield To Avoid Hardcoded Secrets [cheat sheet included]
    2 projects | dev.to | 14 Nov 2022
    If you want to build a configuration from an example, you can find a sample config file at https://github.com/GitGuardian/ggshield/blob/main/.gitguardian.example.yml.
  • Security scanning
    3 projects | /r/devops | 7 Nov 2022
    I agree that code scanning is really important, the best way to convince others is to identify high-risk threats in source code and present them to the decision-makers. For example, scanning Secrets is great for showing how repositories can be a massive vulnerability and identifying some low-hanging fruit, especially in the git history. Attackers are really after git repository access for this reason and there are plenty of open-source or free tools that you can use to illustrate the problem. Git-Secrets, Truffle Hog. These aren't great for a long-term commercial solution, something like GitGuardian is a better commercial tool but if the goal is just to illustrate the problem then finding some high-value secrets with free tools is a good way to convince the security personnel to invest in some solutions. Then the door is open to having more conversations as you have already proven the risk.
  • Toyota Accidently Exposed a Secret Key Publicly on GitHub for Five Years
    10 projects | news.ycombinator.com | 13 Oct 2022
  • Thinking Like a Hacker: Abusing Stolen Private Keys
    1 project | dev.to | 12 Sep 2022
    First up is the leaked TLS private key. Poor Corp added their wildcard certificate to their GitLab image, but they didn’t consider that anyone could steal the private key from the Docker image once published on Docker Hub. Rather than adding sensitive files and hardcoded environment variables to their containers while they were being built, Poor Corp should have used runtime environment variables and mounted volumes to pass secrets into the container—by the way, ggshield, the secrets detection CLI from GitGuardian, has a command for scanning Docker images. If you find that you’ve also made this mistake, you need to immediately revoke any certificates or credentials that were exposed.
  • How to make security policies a team effort
    1 project | dev.to | 1 Aug 2022
    GitGuardian’s CLI, ggshield, can be installed as a pre-commit hook on a developer’s workstation to act like a security seatbelt preventing any secret from being committed locally in the first place. If a developer chooses to bypass the guardrail and push a secret anyway, the event is reported in the GitGuardian dashboard. This allows security teams to have eyes on any possible policy issues as developers build—all without holding up their progress. These tools can detect risks, watch for vulnerabilities, and notify the right people in a non-intrusive way.

What are some alternatives?

When comparing talisman and ggshield you can also consider the following projects:

trufflehog - Find, verify, and analyze leaked credentials

Mobile-Security-Framework-MobSF - Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

husky - git hooks made easy

whispers - Identify hardcoded secrets in static structured text

git-secrets - Prevents you from committing secrets and credentials into git repositories

gitleaks - Protect and discover secrets using Gitleaks 🔑

detect-secrets - An enterprise friendly way of detecting and preventing secrets in code.

buildnotify - A system tray based build status notification app for cctray.xml feeds.

foundryvtt-minuit - Foundry VTT game system for the french RPG "Contes de Minuit"

ochrona-cli - A command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs

simple-git-hooks - A simple git hooks manager for small projects

SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

Did you konow that Go is
the 4th most popular programming language
based on number of metions?