SpectralOps

Spectral is a reliable gatekeeper for our secrets

Pluspunten:

Spectral is easy to set up and use, and it provides valuable insights into sensitive issues.

Minpunten:

The reports can be better, with more options to slice & dice the issues.

Great for code secutity

Opmerkingen: It helps us with fixing open code and key security issues in public and private repos

Pluspunten:

I like the daily scan of all our repositories, it helps us to fix importent security issues in the code. Also the support team is very good .

Minpunten:

The UI was slowly in performance. Also some settings issues (but this was resolved by support)

Solved our headache with Azure DevOps

Opmerkingen: We've solved the issue of having zero visibility into our ADO environment with SpectralOps.

Pluspunten:

Integrates easily into ADO, allowing us to track down exposures which we previously had no knowledge about.

Minpunten:

Would be good to see a snippet of the offending code inside the portal without needing to navigate to the source. No ability to customise the 'Code' tab, would be handy to adjust the order in which we're seeing issues. I.e: Date / Secret / Info / Severity / Status. The term 'Error' for exposures can get slightly confusing, would prefer to see the term 'Open Secret' or 'At Risk'. No ability to directly test a code block for secret exposures directly through the portal.

\

Pluspunten:

Good notifications and monitoring. Easy integration.

Minpunten:

Some detectors are too aggressive Customisation.

Very nice yet not fully polished.

Pluspunten:

Scanning speed, support and speed of development

Minpunten:

Missing UI features Many false alerts, for example the Github action workflow file is failing on itself because it contains curl to a script with a pipe to sh ("curl spectral.io/script.sh | sh")