SpectralOps

Spectral is a reliable gatekeeper for our secrets

Puntos a favor:

Spectral is easy to set up and use, and it provides valuable insights into sensitive issues.

Contras:

The reports can be better, with more options to slice & dice the issues.

Great for code secutity

Comentarios: It helps us with fixing open code and key security issues in public and private repos

Puntos a favor:

I like the daily scan of all our repositories, it helps us to fix importent security issues in the code. Also the support team is very good .

Contras:

The UI was slowly in performance. Also some settings issues (but this was resolved by support)

Solved our headache with Azure DevOps

Comentarios: We've solved the issue of having zero visibility into our ADO environment with SpectralOps.

Puntos a favor:

Integrates easily into ADO, allowing us to track down exposures which we previously had no knowledge about.

Contras:

Would be good to see a snippet of the offending code inside the portal without needing to navigate to the source. No ability to customise the 'Code' tab, would be handy to adjust the order in which we're seeing issues. I.e: Date / Secret / Info / Severity / Status. The term 'Error' for exposures can get slightly confusing, would prefer to see the term 'Open Secret' or 'At Risk'. No ability to directly test a code block for secret exposures directly through the portal.

Save all your date, win tranquility

Puntos a favor:

The easy it is to use, the User Interface, how it protect all your data, and how easy it is to recover.

Contras:

Probably is not integrated as Google software, or any other software.

Very nice yet not fully polished.

Puntos a favor:

Scanning speed, support and speed of development

Contras:

Missing UI features Many false alerts, for example the Github action workflow file is failing on itself because it contains curl to a script with a pipe to sh ("curl spectral.io/script.sh | sh")