Monitor your perimeter
VCS integrations
Currently, we support GitHub, GitHub Enterprise, and GitLab repositories integrated with the GitGuardian Platform. For more information on VCS integration, please check the specific documentation.
We scan the default branch of each monitored repository.
Supported languages
GitGuardian SCA supports declaration and lock files for the programming languages and dependency managers listed below:
Language | Dependency Manager | Dependency File |
---|---|---|
Python | PyPI | Pipfile, Pipfile.lock, requirements.txt (and variants, e.g. requirements-prod.txt), setup.py, setup.cfg, pyproject.toml, poetry.lock, pdm.lock, tox.ini, conda.yaml (and variants, e.g. environment.yaml) |
Ruby | RubyGems | Gemfile, Gemfile.lock |
Go | Golang | go.mod |
Java | Maven | pom.xml |
JavaScript | npm | package.json, package-lock.json, yarn.lock (v1, v2 and v3) |
PHP | Packagist | composer.json, composer.lock |
Rust | Crates | Cargo.toml, Cargo.lock |
We are expanding our programming language support. Feel free to guide our efforts by submitting support requests to our Portal.
How does GitGuardian SCA scanning work?
We provide real-time scanning and create incidents:
- Either when a new vulnerability is discovered for a dependency that was already in your code,
- Or when you introduce a new dependency with an existing vulnerability.
We scan at each creation, modification, or deletion of any dependency file in your monitored sources. We also create an incident when a new vulnerability is found, even if no dependency file was modified.
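A local approximation of the trigger rule described above, added here as an example and not GitGuardian's own matching logic: it maps `git diff --name-status` output to the dependency files in the supported-languages table. The glob patterns for file-name variants, the function names and the sample diff are assumptions constructed for illustration.

```python
import fnmatch
from pathlib import PurePosixPath
# File names from the supported-languages table, keyed by language/dependency manager.
# The globs for "variants" are assumptions; the page gives only one example of each.
SUPPORTED = {
    "Python/PyPI": ["Pipfile", "Pipfile.lock", "requirements*.txt", "setup.py",
                    "setup.cfg", "pyproject.toml", "poetry.lock", "pdm.lock",
                    "tox.ini", "conda*.yaml", "environment*.yaml"],
    "Ruby/RubyGems": ["Gemfile", "Gemfile.lock"],
    "Go/Golang": ["go.mod"],
    "Java/Maven": ["pom.xml"],
    "JavaScript/npm": ["package.json", "package-lock.json", "yarn.lock"],
    "PHP/Packagist": ["composer.json", "composer.lock"],
    "Rust/Crates": ["Cargo.toml", "Cargo.lock"],
}

def ecosystem_for(path):
    """Return the table row whose file pattern matches the path's basename, else None."""
    name = PurePosixPath(path).name
    for ecosystem, patterns in SUPPORTED.items():
        if any(fnmatch.fnmatchcase(name, p) for p in patterns):
            return ecosystem
    return None

def dependency_file_changes(name_status):
    """Map `git diff --name-status` lines to (action, path, ecosystem) for dependency files."""
    actions = {"A": "created", "M": "modified", "D": "deleted"}
    hits = []
    for line in name_status.splitlines():
        status, *paths = line.split("\t")
        kind = status[:1]
        if kind == "R" and len(paths) == 2:    # rename = deletion + creation
            changes = [("deleted", paths[0]), ("created", paths[1])]
        elif kind == "C" and len(paths) == 2:  # copy = creation of the new path
            changes = [("created", paths[1])]
        elif kind in actions and paths:
            changes = [(actions[kind], paths[0])]
        else:
            continue
        hits += [(a, p, ecosystem_for(p)) for a, p in changes if ecosystem_for(p)]
    return hits

# Constructed sample of `git diff --name-status` output (tab-separated).
SAMPLE = ("M\tservices/api/requirements-prod.txt\nA\tweb/yarn.lock\n"
          "D\tlegacy/Gemfile.lock\nR100\tpom.xml\tbackend/pom.xml\n"
          "M\tREADME.md\nM\tdocs/requirements.md\n")
if __name__ == "__main__":
    for action, path, ecosystem in dependency_file_changes(SAMPLE):
        print(f"{action:9} {path} ({ecosystem})")
```

Because only the default branch of a monitored repository is scanned, the output is meaningful for diffs that land on that branch.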
Sources view
The Sources view gives you an overview of the health of your repositories. It provides the number of open incidents grouped by severity across each monitored repository.
The list displays an editable source criticality for each repository. This feature allows you to assign importance to each monitored source, whether sources are involved in customer-facing or internal applications. It helps you prioritize security incidents based on the potential impact of a security breach on the source. For more information on source criticality, see GitGuardian Platform perimeters.
The detailed information panel, accessible by clicking on a specific source, allows you to:
- Have an overview of the incidents related to the repository,
- Edit the source criticality,
- Access the incidents view filtered on this particular source,
- Generate the repository's Software Bill of Materials (SBOM).