Case Study: Orange Business reduces secret leaks and alert fatigue with GitGuardian

How Orange Business Transformed Secrets Security with a Prevention-First Approach

Orange Business, the enterprise division of one of Europe's largest telecom operators, faced a significant challenge with secrets sprawl across its vast development environment. With over 3,000 developers working on hundreds of projects, the company was dealing with thousands of potential secret exposures annually. Their initial attempt with an open-source scanner resulted in an overwhelming 17,000 alerts for a single project, which was unusable due to a high false positive rate and lack of prioritization.

The company implemented GitGuardian's secrets detection platform, which provided a drastic reduction in noise with a false positive rate under 5%. GitGuardian enabled a three-layer defense strategy, including a mandatory pre-receive hook in GitLab that blocked commits containing secrets. This prevention-first approach led to an 80% reduction in new secret leaks and fostered proactive corrections from developers, transforming their security posture and ensuring compliance with upcoming regulations.

Orange

Grégory Maitrallain

Solution Architect