Custom webhook
Custom webhooks let you receive GitGuardian notifications on any server that accepts incoming JSON-encoded HTTP "POST" requests.
We use HMAC with SHA256 as the hash function to sign the payload of our requests. The key is the string concatenation of the timestamp and the signature token. This lets you verify that requests really come from GitGuardian and that the payload was not altered in transit. See below how to implement the verification procedure. You can set the signature token in your settings.
The "Timestamp" field in the header protects against replay attacks. If your current timestamp differs from the "Timestamp" we send by more than a few seconds, it is safer to reject the request.
A custom header can also be added to the requests from your settings to specify, for example, the environment or the service.
How to create a custom webhook endpoint
- Navigate to Settings > Workspace > Integrations > Destinations > Custom webhook
For a personal workspace
- Create a new custom webhook with your webhook name and the URL where you want to receive GitGuardian notifications. GitGuardian generates a signature token by default so that you can verify the webhook's authenticity. The signature token can be changed; make sure to store it in a safe place, because you will no longer be able to access it after the webhook is created.
- Select the events you want to subscribe to and receive.
- Configure the endpoint on your side to verify the incoming request and process GitGuardian alerts.
For a business workspace
- Create a new custom webhook at the team level.
- If you want to enable the custom webhook for ALL incidents within the workspace, you must create it within the "All-incidents team".
- If you want to enable the custom webhook for the incidents of a particular team, you must create it within that team.
This can be done directly from the integration page:

or from the team page:

- Select the events you want to subscribe to and receive.
- Configure the endpoint on your side to verify the incoming request and process GitGuardian alerts.
Events
You can subscribe to the following events from GitGuardian Internal Monitoring and/or GitGuardian Public Monitoring (if your workspace and your team have access to Public Monitoring):
| Name | Description |
|---|---|
| New incident detected | A new incident has been detected. |
| New occurrence detected | A new occurrence has been detected for this incident. |
| Incident Validity changed | The validity has been updated for this incident. |
| Incident status change | Triggered when the status of an incident is updated. |
| Incident resolved | This incident has been resolved. |
| Incident ignored | This incident has been ignored. |
| Incident reopened | This incident has been reopened. |
| Incident regression | A new occurrence was detected by the real-time scan of a connected source for an incident previously marked as resolved (manually or by the auto-resolver). |
| Incident Severity changed | The severity has been updated for this incident. |
| Risk score updated (Business plan) | The risk score has been updated for this incident. |
| Incident assignments | Triggered when an incident is assigned, reassigned or unassigned. |
| Incident assigned | This incident has been assigned to a user. |
| Incident reassigned | This incident has been reassigned to a different user. |
| Incident unassigned | A user was unassigned from this incident. |
| Incident access | Triggered when a user's access to an incident changes. |
| Incident access granted | A user has been granted access to this incident. |
| Incident access revoked | Access to this incident has been revoked for a user. |
| Publicly shared | Triggered when the public sharing link of an incident changes. |
| Incident shared publicly | A user has generated a public sharing link for this incident. |
| Incident unshared publicly | A user has deactivated the public sharing link for this incident. |
| Messages | Triggered when a new message is added to an incident. |
| Feedback submitted | A feedback has been submitted for this incident. |
| New comment on an incident | A new note has been created for this incident. |
How to test the webhook
You can send a test message from the GitGuardian workspace to check that your webhook is operational. Here is an example of the test message payload you will receive:
{
"author": {
"info": "sample@sample.sample",
"name": "Sample Sample"
},
"origin": "GitGuardian",
"date": "2042-10-10 04:00:00 PM",
"type": "Welcome Message Token",
"policy": "Secrets detection",
"gitguardian_link": "http://dashboard.gitguardian.com/workspace/34123/incidents/8213",
"break_url": "github.com/sample_user/sample_repo/compare#ae32df",
"severity": "unknown",
"validity": "invalid",
"matches": [
{
"type": "client_id",
"match": "--censored--",
"index_start": 74,
"index_end": 86,
"pre_line_start": 2,
"pre_line_end": 2,
"post_line_start": 3,
"post_line_end": 3
},
{
"type": "client_secret",
"match": "--censored--",
"index_start": 30,
"index_end": 44,
"pre_line_start": 1,
"pre_line_end": 1,
"post_line_start": 2,
"post_line_end": 2
}
]
}
Note: your response message will contain the matching secret in plain text; it will not appear as --censored-- as shown above.
How to verify the payload signature
We use HMAC with SHA256 as the hash function to sign the payload of our requests. The key is the string concatenation of the timestamp and the signature token. This lets you verify that requests really come from GitGuardian and that the payload was not altered in transit.
See below how to implement the verification procedure. You can set the signature token in your settings.
The Timestamp field in the header protects against replay attacks. If your current timestamp differs from the Timestamp we send by more than a few seconds, it is safer to reject the request.
The Gitguardian-Signature header replaces the old X-GitGuardian-Signature header, which remains available but is deprecated as we switch over to the new one.
Python3 example
Here is a python3 example showing how to verify the signature of our notifications:
- signature comes from the headers of our request
- timestamp comes from the headers of our request
- signature_token is the token you specified in the settings
- payload is the body of our request, decoded from "utf-8" (that is, the string representing our json)
import hmac
import hashlib

def verify_signature(signature: str, timestamp: str, signature_token: str, payload: str) -> bool:
    # The header value must carry the "sha256=" prefix
    if not signature.startswith("sha256="):
        return False
    signature = signature.split("sha256=")[-1]
    # The HMAC key is the timestamp concatenated with the signature token
    hmac_digest = hmac.new(key=bytes(timestamp + signature_token, "utf-8"),
                           msg=bytes(payload, "utf-8"),
                           digestmod=hashlib.sha256).hexdigest()
    # Constant-time comparison of the two hex digests
    return hmac.compare_digest(signature, hmac_digest)
Here is a very basic unit test that lets you check that your implementation is correct:
assert verify_signature(
    signature="sha256=172fe3d694b734aa53dc892fd3b8d62163fc240064de570ba006900bb54a0fc2",
    timestamp="0",
    signature_token="foo",
    payload="bar"
)
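The example above checks only the signature. The code below is an added example, not GitGuardian's code: it combines that check with the replay check on the Timestamp header and accepts the deprecated X-GitGuardian-Signature header as a fallback. It assumes the Timestamp header holds Unix epoch seconds and uses a 10-second tolerance; `check_webhook`, `compute_signature` and the sample values are constructed for illustration.

```python
import hashlib
import hmac
import json

# Assumption: tolerance standing in for "a few seconds"; tune to your environment.
MAX_SKEW_SECONDS = 10
# New header first, then the deprecated one, both lowercased for lookup.
SIGNATURE_HEADERS = ("gitguardian-signature", "x-gitguardian-signature")


def compute_signature(timestamp: str, signature_token: str, body: bytes) -> str:
    """HMAC-SHA256 of the raw body, keyed with timestamp + signature token."""
    key = (timestamp + signature_token).encode("utf-8")
    return "sha256=" + hmac.new(key, body, hashlib.sha256).hexdigest()


def check_webhook(headers: dict, body: bytes, signature_token: str, now: float):
    """Return (accepted, detail): detail is the event's action or a rejection reason."""
    # HTTP header names are case-insensitive; normalise before lookup.
    lowered = {name.lower(): value for name, value in headers.items()}
    timestamp = lowered.get("timestamp")
    signature = next((lowered[h] for h in SIGNATURE_HEADERS if h in lowered), None)
    if timestamp is None or signature is None:
        return False, "missing header"

    # Replay check. Assumption: the Timestamp header holds Unix epoch seconds.
    try:
        sent_at = float(timestamp)
    except ValueError:
        return False, "unparseable timestamp"
    # Written as "not <=" so that a NaN timestamp is rejected too.
    if not abs(now - sent_at) <= MAX_SKEW_SECONDS:
        return False, "stale timestamp"

    # Signature check over the raw bytes, before any JSON parsing.
    expected = compute_signature(timestamp, signature_token, body)
    if not hmac.compare_digest(signature.encode("utf-8"), expected.encode("utf-8")):
        return False, "bad signature"

    try:
        event = json.loads(body)
    except ValueError:
        return False, "invalid json"
    if not isinstance(event, dict):
        return False, "invalid json"
    return True, event.get("action", "unknown")


# Constructed sample request (not captured traffic); token and time are made up.
SAMPLE_TOKEN = "example-signature-token"
SAMPLE_NOW = 1_700_000_000
SAMPLE_BODY = json.dumps(
    {"source": "GitGuardian", "action": "incident_triggered"}
).encode("utf-8")
SAMPLE_HEADERS = {
    "Timestamp": str(SAMPLE_NOW),
    "Gitguardian-Signature": compute_signature(str(SAMPLE_NOW), SAMPLE_TOKEN, SAMPLE_BODY),
}

if __name__ == "__main__":
    # Delivered two seconds after signing: accepted.
    print(check_webhook(SAMPLE_HEADERS, SAMPLE_BODY, SAMPLE_TOKEN, now=SAMPLE_NOW + 2))
    # The same request presented an hour later: rejected as stale.
    print(check_webhook(SAMPLE_HEADERS, SAMPLE_BODY, SAMPLE_TOKEN, now=SAMPLE_NOW + 3600))
```

Because the timestamp is part of the HMAC key, rewriting the Timestamp header on an old request to make it look fresh invalidates the signature.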
AWS Lambda example
When using AWS Lambda, an HTTP API Gateway must be used as the trigger.

Below are two examples, in Javascript and Python respectively, of how to validate the payload received from the dashboard.
Javascript
const { createHmac, timingSafeEqual } = require('crypto')

function verifySignature(signature, timestamp, signatureToken, payload) {
  // Reject requests with a missing header or body
  if (typeof signature !== 'string' || typeof timestamp !== 'string' || typeof payload !== 'string') {
    return false
  }
  if (!signature.startsWith('sha256=')) {
    return false
  }
  const signatureActual = Buffer.from(signature.slice('sha256='.length), 'utf8')
  // The HMAC key is the timestamp concatenated with the signature token
  const hmac = createHmac(
    'sha256',
    Buffer.from(timestamp + signatureToken, 'utf8')
  )
  hmac.update(payload)
  const expected = Buffer.from(hmac.digest('hex'), 'utf8')
  // Constant-time comparison; timingSafeEqual throws on a length mismatch, so check it first
  return signatureActual.length === expected.length && timingSafeEqual(signatureActual, expected)
}

exports.handler = async (event) => {
  const payload_signature = event.headers['gitguardian-signature']
  const timestamp = event.headers['timestamp']
  const webhook_token = '<INSERT SIGNATURE TOKEN HERE>'
  const payload = event.body
  if (verifySignature(payload_signature, timestamp, webhook_token, payload)) {
    console.log('OK')
    return { statusCode: 200 }
  }
  // Return the 400 to the caller; throwing here would discard this response
  return { statusCode: 400 }
}
Python
import hmac
import hashlib
import json

def verify_signature(signature: str, timestamp: str, signature_token: str, payload: str) -> bool:
    # The header value must carry the "sha256=" prefix
    if not signature.startswith("sha256="):
        return False
    signature = signature.split("sha256=")[-1]
    # The HMAC key is the timestamp concatenated with the signature token
    hmac_digest = hmac.new(key=bytes(timestamp + signature_token, "utf-8"),
                           msg=bytes(payload, "utf-8"),
                           digestmod=hashlib.sha256).hexdigest()
    return hmac.compare_digest(signature, hmac_digest)

def lambda_handler(event, context):
    # Missing body or headers fall back to "" so the request is rejected with a 400
    payload_dump = event.get("body") or ""
    timestamp = event["headers"].get("timestamp", "")
    payload_signature = event["headers"].get("gitguardian-signature", "")
    webhook_token = "<INSERT SIGNATURE TOKEN HERE>"
    if verify_signature(payload_signature, timestamp, webhook_token, payload_dump):
        return {'statusCode': 200, 'body': json.dumps('Success')}
    return {'statusCode': 400, 'body': json.dumps('Failed to verify')}
Payload structure
Please note that webhook delivery is not guaranteed and is done on a best-effort basis. When a webhook event is triggered, GitGuardian sends a single HTTP POST request to the webhook endpoint you defined. However, if your endpoint is unreachable or there are network problems between GitGuardian and your server, the webhook event may not be received. Although webhooks are generally reliable, keep in mind that delivery cannot be guaranteed.
Payloads are described by the OpenAPI specification. Here are some examples for the different events you can subscribe to.
New incident
{
"source": "GitGuardian",
"timestamp": "2022-06-20T07:45:32.930965Z",
"action": "incident_triggered",
"message": "A new incident has been detected.",
"target_user": "GitGuardian",
"target_team": "My team",
"custom_webhook_name": "My custom webhook name",
"incident": {
"id": 31542,
"date": "2022-06-20T07:45:31.666462Z",
"detector": {
"name": "generic_password",
"display_name": "Generic Password",
"nature": "generic",
"family": "Other",
"detector_group_name": "generic_password",
"detector_group_display_name": "Generic Password"
},
"secret_hash": "xxx",
"hmsl_hash": "xxx",
"secret_revoked": false,
"validity": "no_checker",
"occurrence_count": 0,
"status": "triggered",
"declarative_secret_status": "active", // only for public monitoring incidents.
"regression": false, // only for internal monitoring incidents.
"assignee_email": null,
"severity": "unknown",
"ignored_at": null,
"ignore_reason": null,
"resolved_at": null,
"gitguardian_url": "https://dashboard.gitguardian.com/workspace/1/incidents/xxx",
"share_url": null,
"feedbacks": []
}
}
Assign event
{
"source": "GitGuardian",
"timestamp": "2022-06-17T12:18:41.917977Z",
"action": "incident_assigned",
"message": "This incident has been assigned to a user.",
"target_user": "John Doe john.doe@gitguardian.com",
"target_team": "My team",
"custom_webhook_name": "My custom webhook name",
"incident": {
"id": 31450,
"date": "2022-06-15T09:16:42.378417Z",
"detector": {
"name": "generic_password",
"display_name": "Generic Password",
"nature": "generic",
"family": "Other",
"detector_group_name": "generic_password",
"detector_group_display_name": "Generic Password"
},
"secret_hash": "xxx",
"hmsl_hash": "xxx",
"secret_revoked": false,
"validity": "no_checker",
"occurrence_count": 1,
"status": "assigned",
"declarative_secret_status": "active", // only for public monitoring incidents.
"regression": false, // only for internal monitoring incidents.
"assignee_email": "bruce.wayne@gitguardian.com",
"severity": "medium",
"ignored_at": null,
"ignore_reason": null,
"resolved_at": null,
"gitguardian_url": "https://dashboard.gitguardian.com/workspace/1/incidents/xxx",
"share_url": null,
"feedbacks": []
}
}
Re-assign event
{
"source": "GitGuardian",
"timestamp": "2022-06-17T12:18:41.917977Z",
"action": "incident_reassigned",
"message": "This incident has been reassigned to a different user.",
"target_user": "John Doe john.doe@gitguardian.com",
"target_team": "My team",
"custom_webhook_name": "My custom webhook name",
"incident": {
"id": 31450,
"date": "2022-06-15T09:16:42.378417Z",
"detector": {
"name": "generic_password",
"display_name": "Generic Password",
"nature": "generic",
"family": "Other",
"detector_group_name": "generic_password",
"detector_group_display_name": "Generic Password"
},
"secret_hash": "xxx",
"hmsl_hash": "xxx",
"secret_revoked": false,
"validity": "no_checker",
"occurrence_count": 1,
"status": "assigned",
"declarative_secret_status": "active", // only for public monitoring incidents.
"regression": false, // only for internal monitoring incidents.
"assignee_email": "bruce.wayne@gitguardian.com",
"severity": "medium",
"ignored_at": null,
"ignore_reason": null,
"resolved_at": null,
"gitguardian_url": "https://dashboard.gitguardian.com/workspace/1/incidents/xxx",
"share_url": null,
"feedbacks": []
}
}
Unassign event
{
"source": "GitGuardian",
"timestamp": "2022-06-17T12:20:10.500000Z",
"action": "incident_unassigned",
"message": "A user was unassigned from this incident.",
"target_user": "John Doe john.doe@gitguardian.com",
"target_team": "My team",
"custom_webhook_name": "My custom webhook name",
"incident": {
"id": 31450,
"date": "2022-06-15T09:16:42.378417Z",
"detector": {
"name": "generic_password",
"display_name": "Generic Password",
"nature": "generic",
"family": "Other",
"detector_group_name": "generic_password",
"detector_group_display_name": "Generic Password"
},
"secret_hash": "xxx",
"hmsl_hash": "xxx",
"secret_revoked": false,
"validity": "no_checker",
"occurrence_count": 1,
"status": "triggered",
"declarative_secret_status": "active", // only for public monitoring incidents.
"regression": false, // only for internal monitoring incidents.
"assignee_email": null,
"severity": "medium",
"ignored_at": null,
"ignore_reason": null,
"resolved_at": null,
"gitguardian_url": "https://dashboard.gitguardian.com/workspace/1/incidents/xxx",
"share_url": null,
"feedbacks": [],
"risk_score": null
}
}
Risk score updated
This event is only sent to workspaces on a Business plan.
{
"source": "GitGuardian",
"timestamp": "2022-06-17T12:25:00.000000Z",
"action": "incident_risk_score_updated",
"message": "The risk score has been updated for this incident.",
"target_user": "GitGuardian",
"target_team": "My team",
"custom_webhook_name": "My custom webhook name",
"incident": {
"id": 31450,
"date": "2022-06-15T09:16:42.378417Z",
"detector": {
"name": "generic_password",
"display_name": "Generic Password",
"nature": "generic",
"family": "Other",
"detector_group_name": "generic_password",
"detector_group_display_name": "Generic Password"
},
"secret_hash": "xxx",
"hmsl_hash": "xxx",
"secret_revoked": false,
"validity": "no_checker",
"occurrence_count": 1,
"status": "triggered",
"declarative_secret_status": "active", // only for public monitoring incidents.
"regression": false, // only for internal monitoring incidents.
"assignee_email": null,
"severity": "high",
"ignored_at": null,
"ignore_reason": null,
"resolved_at": null,
"gitguardian_url": "https://dashboard.gitguardian.com/workspace/1/incidents/xxx",
"share_url": null,
"feedbacks": [],
"risk_score": 350
}
}
Note: every incident object also carries an optional integer risk_score field (populated only on Business plans). It is omitted from the other examples for brevity.
Severity change
{
"source": "GitGuardian",
"timestamp": "2022-06-17T12:18:22.220508Z",
"action": "incident_severity_changed",
"message": "The severity has been updated for this incident.",
"target_user": "John Doe john.doe@gitguardian.com",
"target_team": "My team",
"custom_webhook_name": "My custom webhook name",
"incident": {
"id": 31450,
"date": "2022-06-15T09:16:42.378417Z",
"detector": {
"name": "generic_password",
"display_name": "Generic Password",
"nature": "generic",
"family": "Other",
"detector_group_name": "generic_password",
"detector_group_display_name": "Generic Password"
},
"secret_hash": "xxx",
"hmsl_hash": "xxx",
"secret_revoked": false,
"validity": "no_checker",
"occurrence_count": 1,
"status": "triggered",
"declarative_secret_status": "active", // only for public monitoring incidents.
"regression": false, // only for internal monitoring incidents.
"assignee_email": null,
"severity": "medium",
"ignored_at": null,
"ignore_reason": null,
"resolved_at": null,
"gitguardian_url": "https://dashboard.gitguardian.com/workspace/1/incidents/xxx",
"share_url": null,
"feedbacks": []
}
}
Validity change
{
"source": "GitGuardian",
"timestamp": "2022-06-17T12:18:22.220508Z",
"action": "incident_validity_changed",
"message": "The validity has been updated for this incident.",
"target_user": "John Doe john.doe@gitguardian.com",
"target_team": "My team",
"custom_webhook_name": "My custom webhook name",
"incident": {
"id": 31450,
"date": "2022-06-15T09:16:42.378417Z",
"detector": {
"name": "generic_password",
"display_name": "Generic Password",
"nature": "generic",
"family": "Other",
"detector_group_name": "generic_password",
"detector_group_display_name": "Generic Password"
},
"secret_hash": "xxx",
"hmsl_hash": "xxx",
"secret_revoked": false,
"validity": "invalid",
"occurrence_count": 1,
"status": "triggered",
"declarative_secret_status": "active", // only for public monitoring incidents.
"regression": false, // only for internal monitoring incidents.
"assignee_email": null,
"severity": "medium",
"ignored_at": null,
"ignore_reason": null,
"resolved_at": null,
"gitguardian_url": "https://dashboard.gitguardian.com/workspace/1/incidents/xxx",
"share_url": null,
"feedbacks": []
}
}
Incident resolved
{
"source": "GitGuardian",
"timestamp": "2022-06-22T09:00:16.143457Z",
"action": "incident_resolved",
"message": "This incident has been resolved.",
"target_user": "John Doe john.doe@gitguardian.com",
"target_team": "My team",
"custom_webhook_name": "My custom webhook name",
"incident": {
"id": 31605,
"date": "2022-06-16T08:23:40Z",
"detector": {
"name": "aws_iam",
"display_name": "AWS Keys",
"nature": "specific",
"family": "credentials",
"detector_group_name": "aws_iam",
"detector_group_display_name": "AWS Keys"
},
"secret_hash": "xxx",
"hmsl_hash": "xxx",
"secret_revoked": true,
"validity": "not_checked",
"occurrence_count": 1,
"status": "resolved",
"declarative_secret_status": "active", // only for public monitoring incidents.
"regression": false, // only for internal monitoring incidents.
"assignee_email": null,
"severity": "high",
"ignored_at": null,
"ignore_reason": null,
"resolved_at": "2022-06-22T09:00:16.038050Z",
"gitguardian_url": "https://dashboard.gitguardian.com/workspace/1/incidents/xxx",
"share_url": null,
"feedbacks": []
}
}
Incident ignored
{
"source": "GitGuardian",
"timestamp": "2022-06-22T09:02:57.377837Z",
"action": "incident_ignored",
"message": "This incident has been ignored.",
"target_user": "John Doe john.doe@gitguardian.com",
"target_team": "My team",
"custom_webhook_name": "My custom webhook name",
"incident": {
"id": 31605,
"date": "2022-06-16T08:23:40Z",
"detector": {
"name": "aws_iam",
"display_name": "AWS Keys",
"nature": "specific",
"family": "credentials",
"detector_group_name": "aws_iam",
"detector_group_display_name": "AWS Keys"
},
"secret_hash": "xxx",
"hmsl_hash": "xxx",
"secret_revoked": false,
"validity": "not_checked",
"occurrence_count": 1,
"status": "ignored",
"declarative_secret_status": "active", // only for public monitoring incidents.
"regression": false, // only for internal monitoring incidents.
"assignee_email": null,
"severity": "high",
"ignored_at": "2022-06-22T09:02:57.292217Z",
"ignore_reason": "low_risk",
"resolved_at": null,
"gitguardian_url": "https://dashboard.gitguardian.com/workspace/1/incidents/xxx",
"share_url": null,
"feedbacks": []
}
}
Incident reopened
{
"source": "GitGuardian",
"timestamp": "2022-06-22T09:03:10.775369Z",
"action": "incident_reopened",
"message": "This incident has been reopened.",
"target_user": "John Doe john.doe@gitguardian.com",
"target_team": "My team",
"custom_webhook_name": "My custom webhook name",
"incident": {
"id": 31605,
"date": "2022-06-16T08:23:40Z",
"detector": {
"name": "aws_iam",
"display_name": "AWS Keys",
"nature": "specific",
"family": "credentials",
"detector_group_name": "aws_iam",
"detector_group_display_name": "AWS Keys"
},
"secret_hash": "xxx",
"hmsl_hash": "xxx",
"secret_revoked": false,
"validity": "not_checked",
"occurrence_count": 1,
"status": "ignored",
"declarative_secret_status": "active", // only for public monitoring incidents.
"regression": false, // only for internal monitoring incidents.
"assignee_email": null,
"severity": "high",
"ignored_at": "2022-06-22T09:02:57.292217Z",
"ignore_reason": "low_risk",
"resolved_at": null,
"gitguardian_url": "https://dashboard.gitguardian.com/workspace/1/incidents/xxx",
"share_url": null,
"feedbacks": []
}
}
Incident regression
{
"source": "GitGuardian",
"timestamp": "2022-06-28T09:10:19.966461Z",
"action": "incident_regression",
"message": "A new regression was found for this incident.",
"target_user": "GitGuardian",
"target_team": "My team",
"custom_webhook_name": "My custom webhook name",
"incident": {
"id": 1234,
"date": "2022-06-28T09:10:18.613418Z",
"detector": {
"name": "aws_iam",
"display_name": "AWS Keys",
"nature": "specific",
"family": "credentials",
"detector_group_name": "aws_iam",
"detector_group_display_name": "AWS Keys"
},
"secret_hash": "xxx",
"hmsl_hash": "xxx",
"secret_revoked": true,
"validity": "invalid",
"occurrence_count": 4,
"status": "triggered",
"declarative_secret_status": "active", // only for public monitoring incidents.
"regression": false, // only for internal monitoring incidents.
"assignee_email": null,
"severity": "high",
"ignored_at": null,
"ignore_reason": null,
"resolved_at": null,
"gitguardian_url": "https://dashboard.gitguardian.com/workspace/1/incidents/xxx",
"share_url": null,
"feedbacks": []
}
}
Incident access granted
{
"source": "GitGuardian",
"timestamp": "2022-06-28T09:15:55.682589Z",
"action": "incident_access_granted",
"message": "A user has been granted access to this incident.",
"target_user": "John Doe john.doe@gitguardian.com",
"target_team": "My team",
"custom_webhook_name": "My custom webhook name",
"incident": {
"id": 3831600,
"date": "2022-06-28T00:03:46.110078Z",
"detector": {
"name": "stripe",
"display_name": "Stripe Keys",
"nature": "specific",
"family": "token",
"detector_group_name": "stripe_keys",
"detector_group_display_name": "Stripe Keys"
},
"secret_hash": "xxx",
"hmsl_hash": "xxx",
"secret_revoked": false,
"validity": "invalid",
"occurrence_count": 2,
"status": "triggered",
"declarative_secret_status": "active", // only for public monitoring incidents.
"regression": false, // only for internal monitoring incidents.
"assignee_email": null,
"severity": "unknown",
"ignored_at": null,
"ignore_reason": null,
"resolved_at": null,
"gitguardian_url": "https://dashboard.gitguardian.com/workspace/8/incidents/xxx",
"share_url": "https://dashboard.gitguardian.com/share/incidents/xxx",
"feedbacks": []
},
"member": {
"id": 3252,
"name": "John Smith",
"email": "john.smith@example.org",
"access_level": "owner"
}
}
member provides details about the member who was granted access in this event. If access was granted to several members, there will be one event for each access granted.
Incident access revoked
{
"source": "GitGuardian",
"timestamp": "2022-06-28T09:17:01.353280Z",
"action": "incident_access_revoked",
"message": "Access to this incident has been revoked for a user.",
"target_user": "John Doe john.doe@gitguardian.com",
"target_team": "My team",
"custom_webhook_name": "My custom webhook name",
"incident": {
"id": 3831600,
"date": "2022-06-28T00:03:46.110078Z",
"detector": {
"name": "stripe",
"display_name": "Stripe Keys",
"nature": "specific",
"family": "token",
"detector_group_name": "stripe_keys",
"detector_group_display_name": "Stripe Keys"
},
"secret_hash": "xxx",
"hmsl_hash": "xxx",
"secret_revoked": false,
"validity": "invalid",
"occurrence_count": 2,
"status": "triggered",
"declarative_secret_status": "active", // only for public monitoring incidents.
"regression": false, // only for internal monitoring incidents.
"assignee_email": null,
"severity": "unknown",
"ignored_at": null,
"ignore_reason": null,
"resolved_at": null,
"gitguardian_url": "https://dashboard.gitguardian.com/workspace/8/incidents/xxx",
"share_url": "https://dashboard.gitguardian.com/share/incidents/xxx",
"feedbacks": []
},
"member": {
"id": 3252,
"name": "John Smith",
"email": "john.smith@example.org",
"access_level": "owner"
}
}
member provides details about the member whose access was revoked in this event. If access was granted to several members, there will be one event for each access granted.
Incident shared publicly
{
"source": "GitGuardian",
"timestamp": "2022-06-28T08:48:49.290758Z",
"action": "incident_shared_publicly",
"message": "A user has generated a public sharing link for this incident.",
"target_user": "John Doe john.doe@gitguardian.com",
"target_team": "My team",
"custom_webhook_name": "My custom webhook name",
"incident": {
"id": 3827964,
"date": "2022-06-23T14:34:11Z",
"detector": {
"name": "aws_iam",
"display_name": "AWS Keys",
"nature": "specific",
"family": "credentials",
"detector_group_name": "aws_iam",
"detector_group_display_name": "AWS Keys"
},
"secret_hash": "xxx",
"hmsl_hash": "xxx",
"secret_revoked": false,
"validity": "invalid",
"occurrence_count": 1,
"status": "triggered",
"declarative_secret_status": "active", // only for public monitoring incidents.
"regression": false, // only for internal monitoring incidents.
"assignee_email": null,
"severity": "unknown",
"ignored_at": null,
"ignore_reason": null,
"resolved_at": null,
"gitguardian_url": "https://dashboard.gitguardian.com/workspace/1/incidents/xx",
"share_url": "https://dashboard.gitguardian.com/share/incidents/xxx",
"feedbacks": []
}
}
Incident publicly unshared
{
"source": "GitGuardian",
"timestamp": "2022-06-28T08:49:56.806741Z",
"action": "incident_unshared_publicly",
"message": "A user has deactivated the public sharing link for this incident.",
"target_user": "John Doe john.doe@gitguardian.com",
"target_team": "My team",
"custom_webhook_name": "My custom webhook name",
"incident": {
"id": 3827964,
"date": "2022-06-23T14:34:11Z",
"detector": {
"name": "aws_iam",
"display_name": "AWS Keys",
"nature": "specific",
"family": "credentials",
"detector_group_name": "aws_iam",
"detector_group_display_name": "AWS Keys"
},
"secret_hash": "xxx",
"hmsl_hash": "xxx",
"secret_revoked": false,
"validity": "invalid",
"occurrence_count": 2,
"status": "triggered",
"declarative_secret_status": "active", // only for public monitoring incidents.
"regression": false, // only for internal monitoring incidents.
"assignee_email": null,
"severity": "unknown",
"ignored_at": null,
"ignore_reason": null,
"resolved_at": null,
"gitguardian_url": "https://dashboard.gitguardian.com/workspace/1/incidents/xxx",
"share_url": null,
"feedbacks": []
}
}
Incident feedback received
{
"source": "GitGuardian",
"timestamp": "2022-06-28T08:49:56.806741Z",
"action": "incident_feedback_received",
"message": "A feedback has been submitted for this incident.",
"target_user": "John Doe john.doe@gitguardian.com",
"target_team": "My team",
"custom_webhook_name": "My custom webhook name",
"incident": {
"id": 3827964,
"date": "2022-06-23T14:34:11Z",
"detector": {
"name": "aws_iam",
"display_name": "AWS Keys",
"nature": "specific",
"family": "credentials",
"detector_group_name": "aws_iam",
"detector_group_display_name": "AWS Keys"
},
"secret_hash": "xxx",
"hmsl_hash": "xxx",
"secret_revoked": false,
"validity": "invalid",
"occurrence_count": 2,
"status": "triggered",
"declarative_secret_status": "active", // only for public monitoring incidents.
"regression": false, // only for internal monitoring incidents.
"assignee_email": null,
"severity": "unknown",
"ignored_at": null,
"ignore_reason": null,
"resolved_at": null,
"gitguardian_url": "https://dashboard.gitguardian.com/workspace/1/incidents/xxx",
"share_url": null,
"feedbacks": [
{
"id": 1,
"date": "2022-06-28T08:49:56.806741Z",
"updated_at": "2022-06-28T08:49:56.806741Z",
"revoked": false,
"remarks": "This secret is no longer valid.",
"member": {
"id": 1,
"role": "owner",
"name": "John Doe",
"email": "john.doe@gitguardian.com"
},
"real_secret": false,
"sensitive": false
}
]
}
}
New occurrence
{
"source": "GitGuardian",
"timestamp": "2022-06-23T09:10:24.594597Z",
"action": "new_occurrence",
"message": "A new occurrence has been detected for this incident.",
"target_user": "GitGuardian",
"target_team": "My team",
"custom_webhook_name": "My custom webhook name",
"incident": {
"id": 31605,
"date": "2022-06-16T08:23:40Z",
"detector": {
"name": "aws_iam",
"display_name": "AWS Keys",
"nature": "specific",
"family": "credentials",
"detector_group_name": "aws_iam",
"detector_group_display_name": "AWS Keys"
},
"secret_hash": "xxx",
"hmsl_hash": "xxx",
"secret_revoked": false,
"validity": "not_checked",
"occurrence_count": 5,
"status": "assigned",
"declarative_secret_status": "active", // only for public monitoring incidents.
"regression": false, // only for internal monitoring incidents.
"assignee_email": "bruce.wayne@gitguardian.com",
"severity": "high",
"ignored_at": null,
"ignore_reason": null,
"resolved_at": null,
"gitguardian_url": "https://dashboard.gitguardian.com/workspace/1/incidents/xxx",
"share_url": null,
"feedbacks": []
},
"occurrence": {
"id": 1234,
"incident_id": 1243,
"kind": "RLTM",
"sha": "xxx", // only for internal monitoring incidents.
"element_type": "GIT_COMMIT", // only for public monitoring incidents.
"element": "xxx", // only for public monitoring incidents.
"actors": [ // actors section only for public monitoring incidents.
{
"id": 1234,
"type": "github_user",
"name": "xxx",
"email": "xxx@yy.com",
"primary": true,
"url": "https://github.com/xxx"
}
],
"author_name": "GitHub", // only for internal monitoring incidents.
"author_info": "noreply@github.com", // only for internal monitoring incidents.
"date": "2022-06-23T09:10:23.529812Z",
"presence": "visible",
"url": "https://github.com/user/repo/commit/123#diff-xxx",
"filepath": "my/path/TestJS.js",
"change_type": "addition", // only for VCS sources, null otherwise.
"filename": "TestJS.js", // only for public monitoring incidents.
"source": {
"id": 710,
"url": "https://github.com/user/repo",
"type": "github",
"full_name": "name of repository", // only for internal monitoring incidents.
"name": "name of repository", // only for public monitoring incidents.
"health": "at_risk", // only for internal monitoring incidents.
"open_incidents_count": 5, // only for internal monitoring incidents.
"closed_incidents_count": 0, // only for internal monitoring incidents.
"visibility": "private", // only for internal monitoring incidents.
"last_scan": { // only for internal monitoring incidents.
"status": "finished",
"date": "2022-11-18T17:07:59.079520Z"
},
"external_id": "github_id",
"metadata": {} // only for public monitoring incidents.
}
}
}
New incident note
{
"source": "GitGuardian",
"timestamp": "2022-06-22T09:11:02.733441Z",
"action": "incident_note_created",
"message": "A new note has been created for this incident.",
"target_user": "John Doe john.doe@gitguardian.com",
"target_team": "My team",
"custom_webhook_name": "My custom webhook name",
"incident": {
"id": 31605,
"date": "2022-06-16T08:23:40Z",
"detector": {
"name": "aws_iam",
"display_name": "AWS Keys",
"nature": "specific",
"family": "credentials",
"detector_group_name": "aws_iam",
"detector_group_display_name": "AWS Keys"
},
"secret_hash": "xxx",
"hmsl_hash": "xxx",
"secret_revoked": false,
"validity": "not_checked",
"occurrence_count": 1,
"status": "triggered",
"declarative_secret_status": "active", // only for public monitoring incidents.
"regression": false, // only for internal monitoring incidents.
"assignee_email": null,
"severity": "high",
"ignored_at": null,
"ignore_reason": null,
"resolved_at": null,
"gitguardian_url": "https://dashboard.gitguardian.com/workspace/1/incidents/xxx",
"share_url": null,
"feedbacks": []
},
"incident_note": {
"id": 46389,
"api_token": null,
"created_at": "2022-06-22T09:11:02.683727Z",
"updated_at": null,
"comment": "This is not a test"
}
}
The following events are sent to workspaces that have Honeytoken enabled. They are emitted at the workspace level, so target_user is always null.
New honeytoken event
{
"source": "GitGuardian",
"timestamp": "2022-06-28T09:10:19.966461Z",
"action": "new_honeytoken_event",
"message": "A new honeytoken event has been received.",
"target_user": null,
"target_team": "My team",
"custom_webhook_name": "My custom webhook name",
"honeytoken_event": {
"id": "a1b2c3d4-0000-0000-0000-000000000000",
"honeytoken_id": "f9e8d7c6-0000-0000-0000-000000000000",
"triggered_at": "2022-06-28T09:10:18.613418Z",
"status": "open", // "open" or "closed".
"ip_address": "1.2.3.4",
"action": "GetCallerIdentity",
"data": {
"user_agent": "aws-cli/2.0.0 Python/3.9",
"region": "us-east-1"
},
"tags": ["production"]
}
}
Honeytoken triggered
{
"source": "GitGuardian",
"timestamp": "2022-06-28T09:10:19.966461Z",
"action": "honeytoken_triggered",
"message": "This honeytoken has been triggered.",
"target_user": null,
"target_team": "My team",
"custom_webhook_name": "My custom webhook name",
"honeytoken": {
"id": "f9e8d7c6-0000-0000-0000-000000000000",
"name": "My AWS honeytoken",
"description": "Deployed in CI config",
"created_at": "2022-06-01T08:00:00Z",
"gitguardian_url": "https://dashboard.gitguardian.com/workspace/1/honeytokens/xxx",
"status": "triggered", // "active", "revoked" or "triggered".
"triggered_at": "2022-06-28T09:10:18.613418Z",
"revoked_at": null,
"open_events_count": 1,
"type": "AWS",
"creator_id": 3252,
"creator_api_token_id": null,
"revoker_id": null,
"revoker_api_token_id": null
}
}