Custom webhook
Les custom webhooks vous permettent de recevoir les notifications GitGuardian sur n'importe quel serveur acceptant les requêtes HTTP « POST » entrantes encodées en JSON.
Nous utilisons HMAC avec sha256 comme fonction de hash pour signer le payload de nos requêtes. La clé utilisée est une concaténation du timestamp et du signature token. Cela vous permet de vérifier que les requêtes proviennent bien de GitGuardian et que le payload n'a pas été altéré pendant le transport. Voir ci-dessous comment implémenter la procédure de vérification. Vous pouvez définir le signature token dans vos paramètres.
Le champ « Timestamp » dans le header contre les attaques de replay. Si votre timestamp actuel diffère de notre « Timestamp » d'envoi de plus de quelques secondes, il est plus sûr d'ignorer la requête.
Un header personnalisé peut aussi être ajouté aux requêtes depuis vos paramètres pour spécifier, par exemple, l'environnement ou le service.
Comment créer un endpoint custom webhook
- Naviguez vers Settings > Workspace > Integrations > Destinations > Custom webhook
Pour un workspace personnel
-
Créez un nouveau custom webhook avec le nom de votre webhook et l'URL où vous voulez recevoir les notifications GitGuardian. GitGuardian génère un signature token par défaut pour vous permettre de vérifier l'authenticité du webhook. Le signature token peut être édité, assurez-vous de le stocker dans un endroit sûr car vous ne pourrez plus y accéder après la création du webhook.
-
Sélectionnez les événements auxquels vous voulez vous abonner et recevoir.
-
Configurez l'endpoint de votre côté pour vérifier la requête entrante et gérer les alertes GitGuardian.
Pour un workspace business
- Créez un nouveau custom webhook au niveau équipe.
- Si vous comptez activer le custom webhook pour TOUS les incidents au sein du workspace, créez-le dans l'équipe « All-incidents ».
- Si vous comptez activer le custom webhook pour les incidents au sein d'une équipe particulière, créez-le dans cette équipe.
Cela peut être fait directement depuis la page d'intégration :
ou depuis la page de l'équipe :
- Sélectionnez les événements auxquels vous voulez vous abonner et recevoir.
- Configurez l'endpoint de votre côté pour vérifier la requête entrante et gérer les alertes GitGuardian.
Événements
Vous pouvez vous abonner aux événements suivants depuis GitGuardian Internal Monitoring et/ou GitGuardian Public Monitoring (si votre workspace et équipe ont accès à Public Monitoring) :
| Nom | Description |
|---|---|
| New incident detected | Un nouvel incident a été détecté. |
| New occurrence detected | Une nouvelle occurrence a été détectée pour cet incident. |
| Incident resolved | Cet incident a été résolu. |
| Incident ignored | Cet incident a été ignoré. |
| Incident reopened | Cet incident a été rouvert. |
| Incident regression | Une nouvelle régression a été trouvée pour cet incident. |
| Incident assigned | Cet incident a été assigné à un utilisateur. |
| Incident reassigned | Cet incident a été réassigné à un autre utilisateur. |
| Incident unassigned | Un utilisateur a été désassigné de cet incident. |
| Incident Severity changed | La sévérité a été mise à jour pour cet incident. |
| Incident Validity changed | La validité a été mise à jour pour cet incident. |
| Incident access granted | Un utilisateur s'est vu accorder l'accès à cet incident. |
| Incident access revoked | L'accès à cet incident a été révoqué pour un utilisateur. |
| Incident shared publicly | Un utilisateur a généré un lien de partage public pour cet incident. |
| Incident unshared publicly | Un utilisateur a désactivé le lien de partage public pour cet incident. |
| Feedback submitted | Un feedback a été soumis pour cet incident. |
| New comment on an incident | Une nouvelle note a été créée pour cet incident. |
Comment tester le webhook
Vous pouvez envoyer un message de test depuis le workspace GitGuardian pour vérifier que votre webhook est opérationnel. Voici un exemple de payload du message de test que vous recevrez :
{
"author": {
"info": "sample@sample.sample",
"name": "Sample Sample"
},
"origin": "GitGuardian",
"date": "2042-10-10 04:00:00 PM",
"type": "Welcome Message Token",
"policy": "Secrets detection",
"gitguardian_link": "http://dashboard.gitguardian.com/workspace/34123/incidents/8213",
"break_url": "github.com/sample_user/sample_repo/compare#ae32df",
"severity": "unknown",
"validity": "invalid",
"matches": [
{
"type": "client_id",
"match": "--censored--",
"index_start": 74,
"index_end": 86,
"pre_line_start": 2,
"pre_line_end": 2,
"post_line_start": 3,
"post_line_end": 3
},
{
"type": "client_secret",
"match": "--censored--",
"index_start": 30,
"index_end": 44,
"pre_line_start": 1,
"pre_line_end": 1,
"post_line_start": 2,
"post_line_end": 2
}
]
}
Note : votre message de réponse contiendra le secret correspondant en clair et n'affichera pas
--censored--comme montré ci-dessus.
Comment vérifier la signature du payload
Nous utilisons HMAC avec SHA256 comme fonction de hash pour signer le payload de nos requêtes. La clé utilisée est une concaténation du timestamp et du signature token. Cela vous permet de vérifier que les requêtes proviennent de GitGuardian et que le payload n'a pas été altéré pendant le transport.
Voir ci-dessous comment implémenter la procédure de vérification. Vous pouvez définir le signature token dans vos paramètres.
Le champ Timestamp dans le header contre les attaques de replay. Si votre timestamp actuel diffère de notre Timestamp d'envoi
de plus de quelques secondes, il est plus sûr d'ignorer la requête.
Le Gitguardian-Signature remplace l'ancien header X-GitGuardian-Signature, qui est toujours disponible mais déprécié au profit du nouveau.
Exemple Python3
Voici un exemple en python3 pour vérifier la signature de nos notifications :
- signature provient des headers de notre requête
- timestamp provient des headers de notre requête
- signature_token est le token que vous avez spécifié dans les paramètres
- payload est le corps de notre requête, décodé depuis « utf-8 » (i.e. string représentant notre json)
import hmac
import hashlib
def verify_signature(signature: str, timestamp: str, signature_token: str, payload: str) -> bool:
if not signature.startswith("sha256="):
return False
signature = signature.split("sha256=")[-1]
hmac_digest = hmac.new(key=bytes(timestamp + signature_token, "utf-8"),
msg=bytes(payload, "utf-8"),
digestmod=hashlib.sha256).hexdigest()
return hmac.compare_digest(signature, hmac_digest)
Voici un test unitaire très basique vous permettant de vérifier que votre implémentation est correcte :
assert verify_signature_gitguardian(
signature="sha256=172fe3d694b734aa53dc892fd3b8d62163fc240064de570ba006900bb54a0fc2",
timestamp="0",
signature_token="foo",
payload="bar"
)
Exemple AWS Lambda
Lorsque vous utilisez AWS lambda, une HTTP API Gateway doit être utilisée comme déclencheur.
Vous trouverez ci-dessous deux exemples, respectivement en Javascript et Python, expliquant comment valider le payload reçu depuis le tableau de bord.
Javascript
const { createHmac } = require('crypto')
function verifySignature(signature, timestamp, signatureToken, payload) {
var signatureHeader = signature.substring(0, 7)
if (signatureHeader !== 'sha256=') {
return false
}
var signatureActual = signature.split('=')[1]
var hmac = createHmac(
'sha256',
Buffer.from(timestamp + signatureToken, 'utf8')
)
hmac.update(payload)
var result = hmac.digest('hex')
if (result === signatureActual) {
return true
} else {
return false
}
}
exports.handler = async (event) => {
const payload_signature = event.headers['gitguardian-signature']
const timestamp = event.headers['timestamp']
const webhook_token = '<INSERT SIGNATURE TOKEN HERE>'
const payload = event.body
let statusCode
if (verifySignature(payload_signature, timestamp, webhook_token, payload)) {
console.log('OK')
statusCode = 200
} else {
statusCode = 400
throw new Error()
}
const response = {
statusCode,
}
return response
}
Python
import hmac
import hashlib
import json
def verify_signature(signature: str, timestamp: str, signature_token: str, payload: str) -> bool:
if not signature.startswith("sha256="):
return False
signature = signature.split("sha256=")[-1]
hmac_digest = hmac.new(key=bytes(timestamp + signature_token, "utf-8"),
msg=bytes(payload, "utf-8"),
digestmod=hashlib.sha256).hexdigest()
return hmac.compare_digest(signature, hmac_digest)
def lambda_handler(event, context):
payload_dump = event["body"]
timestamp = event["headers"]["timestamp"]
payload_signature = event["headers"]["gitguardian-signature"]
webhook_token = "<INSERT SIGNATURE TOKEN HERE>"
if verify_signature(payload_signature, timestamp, webhook_token, payload_dump):
return {'statusCode': 200, 'body': json.dumps('Success') }
return {'statusCode': 400, 'body': json.dumps('Failed to verify') }
Structure du payload
attention
Veuillez noter que la livraison des webhooks n'est pas garantie et fonctionne en best effort. Quand un événement webhook est déclenché, GitGuardian envoie une seule requête HTTP POST vers votre endpoint webhook défini. Cependant, si votre endpoint est inaccessible ou s'il y a des problèmes réseau entre GitGuardian et votre serveur, l'événement webhook peut ne pas être reçu. Bien que les webhooks soient généralement fiables, il est important de se rappeler que la livraison ne peut pas être garantie.
Les payloads sont décrits par la spécification OpenAPI. Voici quelques exemples pour les différents événements auxquels vous pouvez vous abonner.
Payloads des événements d'incident
New incident
{
"source": "GitGuardian",
"timestamp": "2022-06-20T07:45:32.930965Z",
"action": "incident_triggered",
"message": "A new incident has been detected.",
"target_user": "GitGuardian",
"target_team": "My team",
"custom_webhook_name": "My custom webhook name",
"incident": {
"id": 31542,
"date": "2022-06-20T07:45:31.666462Z",
"detector": {
"name": "generic_password",
"display_name": "Generic Password",
"nature": "generic",
"family": "Other",
"detector_group_name": "generic_password",
"detector_group_display_name": "Generic Password"
},
"secret_hash": "xxx",
"hmsl_hash": "xxx",
"secret_revoked": false,
"validity": "no_checker",
"occurrence_count": 0,
"status": "triggered",
"declarative_secret_status": "active", // only for public monitoring incidents.
"regression": false, // only for internal monitoring incidents.
"assignee_email": null,
"severity": "unknown",
"ignored_at": null,
"ignore_reason": null,
"resolved_at": null,
"gitguardian_url": "https://dashboard.gitguardian.com/workspace/1/incidents/xxx",
"share_url": null,
"feedbacks": []
}
}
Assign event
{
"source": "GitGuardian",
"timestamp": "2022-06-17T12:18:41.917977Z",
"action": "incident_assigned",
"message": "This incident has been assigned to a user.",
"target_user": "John Doe john.doe@gitguardian.com",
"target_team": "My team",
"custom_webhook_name": "My custom webhook name",
"incident": {
"id": 31450,
"date": "2022-06-15T09:16:42.378417Z",
"detector": {
"name": "generic_password",
"display_name": "Generic Password",
"nature": "generic",
"family": "Other",
"detector_group_name": "generic_password",
"detector_group_display_name": "Generic Password"
},
"secret_hash": "xxx",
"hmsl_hash": "xxx",
"secret_revoked": false,
"validity": "no_checker",
"occurrence_count": 1,
"status": "assigned",
"declarative_secret_status": "active", // only for public monitoring incidents.
"regression": false, // only for internal monitoring incidents.
"assignee_email": "bruce.wayne@gitguardian.com",
"severity": "medium",
"ignored_at": null,
"ignore_reason": null,
"resolved_at": null,
"gitguardian_url": "https://dashboard.gitguardian.com/workspace/1/incidents/xxx",
"share_url": null,
"feedbacks": []
}
}
Re-assign event
{
"source": "GitGuardian",
"timestamp": "2022-06-17T12:18:41.917977Z",
"action": "incident_reassigned",
"message": "This incident has been reassigned to a different user.",
"target_user": "John Doe john.doe@gitguardian.com",
"target_team": "My team",
"custom_webhook_name": "My custom webhook name",
"incident": {
"id": 31450,
"date": "2022-06-15T09:16:42.378417Z",
"detector": {
"name": "generic_password",
"display_name": "Generic Password",
"nature": "generic",
"family": "Other",
"detector_group_name": "generic_password",
"detector_group_display_name": "Generic Password"
},
"secret_hash": "xxx",
"hmsl_hash": "xxx",
"secret_revoked": false,
"validity": "no_checker",
"occurrence_count": 1,
"status": "assigned",
"declarative_secret_status": "active", // only for public monitoring incidents.
"regression": false, // only for internal monitoring incidents.
"assignee_email": "bruce.wayne@gitguardian.com",
"severity": "medium",
"ignored_at": null,
"ignore_reason": null,
"resolved_at": null,
"gitguardian_url": "https://dashboard.gitguardian.com/workspace/1/incidents/xxx",
"share_url": null,
"feedbacks": []
}
}
Severity change
{
"source": "GitGuardian",
"timestamp": "2022-06-17T12:18:22.220508Z",
"action": "incident_severity_changed",
"message": "The severity has been updated for this incident.",
"target_user": "John Doe john.doe@gitguardian.com",
"target_team": "My team",
"custom_webhook_name": "My custom webhook name",
"incident": {
"id": 31450,
"date": "2022-06-15T09:16:42.378417Z",
"detector": {
"name": "generic_password",
"display_name": "Generic Password",
"nature": "generic",
"family": "Other",
"detector_group_name": "generic_password",
"detector_group_display_name": "Generic Password"
},
"secret_hash": "xxx",
"hmsl_hash": "xxx",
"secret_revoked": false,
"validity": "no_checker",
"occurrence_count": 1,
"status": "triggered",
"declarative_secret_status": "active", // only for public monitoring incidents.
"regression": false, // only for internal monitoring incidents.
"assignee_email": null,
"severity": "medium",
"ignored_at": null,
"ignore_reason": null,
"resolved_at": null,
"gitguardian_url": "https://dashboard.gitguardian.com/workspace/1/incidents/xxx",
"share_url": null,
"feedbacks": []
}
}
Validity change
{
"source": "GitGuardian",
"timestamp": "2022-06-17T12:18:22.220508Z",
"action": "incident_validity_changed",
"message": "The validity has been updated for this incident.",
"target_user": "John Doe john.doe@gitguardian.com",
"target_team": "My team",
"custom_webhook_name": "My custom webhook name",
"incident": {
"id": 31450,
"date": "2022-06-15T09:16:42.378417Z",
"detector": {
"name": "generic_password",
"display_name": "Generic Password",
"nature": "generic",
"family": "Other",
"detector_group_name": "generic_password",
"detector_group_display_name": "Generic Password"
},
"secret_hash": "xxx",
"hmsl_hash": "xxx",
"secret_revoked": false,
"validity": "invalid",
"occurrence_count": 1,
"status": "triggered",
"declarative_secret_status": "active", // only for public monitoring incidents.
"regression": false, // only for internal monitoring incidents.
"assignee_email": null,
"severity": "medium",
"ignored_at": null,
"ignore_reason": null,
"resolved_at": null,
"gitguardian_url": "https://dashboard.gitguardian.com/workspace/1/incidents/xxx",
"share_url": null,
"feedbacks": []
}
}
Incident resolved
{
"source": "GitGuardian",
"timestamp": "2022-06-22T09:00:16.143457Z",
"action": "incident_resolved",
"message": "This incident has been resolved.",
"target_user": "John Doe john.doe@gitguardian.com",
"target_team": "My team",
"custom_webhook_name": "My custom webhook name",
"incident": {
"id": 31605,
"date": "2022-06-16T08:23:40Z",
"detector": {
"name": "aws_iam",
"display_name": "AWS Keys",
"nature": "specific",
"family": "credentials",
"detector_group_name": "aws_iam",
"detector_group_display_name": "AWS Keys"
},
"secret_hash": "xxx",
"hmsl_hash": "xxx",
"secret_revoked": true,
"validity": "not_checked",
"occurrence_count": 1,
"status": "resolved",
"declarative_secret_status": "active", // only for public monitoring incidents.
"regression": false, // only for internal monitoring incidents.
"assignee_email": null,
"severity": "high",
"ignored_at": null,
"ignore_reason": null,
"resolved_at": "2022-06-22T09:00:16.038050Z",
"gitguardian_url": "https://dashboard.gitguardian.com/workspace/1/incidents/xxx",
"share_url": null,
"feedbacks": []
}
}
Incident ignored
{
"source": "GitGuardian",
"timestamp": "2022-06-22T09:02:57.377837Z",
"action": "incident_ignored",
"message": "This incident has been ignored.",
"target_user": "John Doe john.doe@gitguardian.com",
"target_team": "My team",
"custom_webhook_name": "My custom webhook name",
"incident": {
"id": 31605,
"date": "2022-06-16T08:23:40Z",
"detector": {
"name": "aws_iam",
"display_name": "AWS Keys",
"nature": "specific",
"family": "credentials",
"detector_group_name": "aws_iam",
"detector_group_display_name": "AWS Keys"
},
"secret_hash": "xxx",
"hmsl_hash": "xxx",
"secret_revoked": false,
"validity": "not_checked",
"occurrence_count": 1,
"status": "ignored",
"declarative_secret_status": "active", // only for public monitoring incidents.
"regression": false, // only for internal monitoring incidents.
"assignee_email": null,
"severity": "high",
"ignored_at": "2022-06-22T09:02:57.292217Z",
"ignore_reason": "low_risk",
"resolved_at": null,
"gitguardian_url": "https://dashboard.gitguardian.com/workspace/1/incidents/xxx",
"share_url": null,
"feedbacks": []
}
}
Incident reopened
{
"source": "GitGuardian",
"timestamp": "2022-06-22T09:03:10.775369Z",
"action": "incident_reopened",
"message": "This incident has been reopened.",
"target_user": "John Doe john.doe@gitguardian.com",
"target_team": "My team",
"custom_webhook_name": "My custom webhook name",
"incident": {
"id": 31605,
"date": "2022-06-16T08:23:40Z",
"detector": {
"name": "aws_iam",
"display_name": "AWS Keys",
"nature": "specific",
"family": "credentials",
"detector_group_name": "aws_iam",
"detector_group_display_name": "AWS Keys"
},
"secret_hash": "xxx",
"hmsl_hash": "xxx",
"secret_revoked": false,
"validity": "not_checked",
"occurrence_count": 1,
"status": "ignored",
"declarative_secret_status": "active", // only for public monitoring incidents.
"regression": false, // only for internal monitoring incidents.
"assignee_email": null,
"severity": "high",
"ignored_at": "2022-06-22T09:02:57.292217Z",
"ignore_reason": "low_risk",
"resolved_at": null,
"gitguardian_url": "https://dashboard.gitguardian.com/workspace/1/incidents/xxx",
"share_url": null,
"feedbacks": []
}
}
Incident regression
{
"source": "GitGuardian",
"timestamp": "2022-06-28T09:10:19.966461Z",
"action": "incident_regression",
"message": "A new regression was found for this incident.",
"target_user": "GitGuardian",
"target_team": "My team",
"custom_webhook_name": "My custom webhook name",
"incident": {
"id": 1234,
"date": "2022-06-28T09:10:18.613418Z",
"detector": {
"name": "aws_iam",
"display_name": "AWS Keys",
"nature": "specific",
"family": "credentials",
"detector_group_name": "aws_iam",
"detector_group_display_name": "AWS Keys"
},
"secret_hash": "xxx",
"hmsl_hash": "xxx",
"secret_revoked": true,
"validity": "invalid",
"occurrence_count": 4,
"status": "triggered",
"declarative_secret_status": "active", // only for public monitoring incidents.
"regression": false, // only for internal monitoring incidents.
"assignee_email": null,
"severity": "high",
"ignored_at": null,
"ignore_reason": null,
"resolved_at": null,
"gitguardian_url": "https://dashboard.gitguardian.com/workspace/1/incidents/xxx",
"share_url": null,
"feedbacks": []
}
}
Incident access granted
{
"source": "GitGuardian",
"timestamp": "2022-06-28T09:15:55.682589Z",
"action": "incident_access_granted",
"message": "A user has been granted access to this incident.",
"target_user": "John Doe john.doe@gitguardian.com",
"target_team": "My team",
"custom_webhook_name": "My custom webhook name",
"incident": {
"id": 3831600,
"date": "2022-06-28T00:03:46.110078Z",
"detector": {
"name": "stripe",
"display_name": "Stripe Keys",
"nature": "specific",
"family": "token",
"detector_group_name": "stripe_keys",
"detector_group_display_name": "Stripe Keys"
},
"secret_hash": "xxx",
"hmsl_hash": "xxx",
"secret_revoked": false,
"validity": "invalid",
"occurrence_count": 2,
"status": "triggered",
"declarative_secret_status": "active", // only for public monitoring incidents.
"regression": false, // only for internal monitoring incidents.
"assignee_email": null,
"severity": "unknown",
"ignored_at": null,
"ignore_reason": null,
"resolved_at": null,
"gitguardian_url": "https://dashboard.gitguardian.com/workspace/8/incidents/xxx",
"share_url": "https://dashboard.gitguardian.com/share/incidents/xxx",
"feedbacks": []
},
"member": {
"id": 3252,
"name": "John Smith",
"email": "john.smith@example.org",
"access_level": "owner"
}
}
member fournit les détails sur le membre qui s'est vu accorder l'accès durant cet événement. Si plusieurs membres ont obtenu l'accès, il y aura un événement par accès accordé.
Incident access revoked
{
"source": "GitGuardian",
"timestamp": "2022-06-28T09:17:01.353280Z",
"action": "incident_access_revoked",
"message": "Access to this incident has been revoked for a user.",
"target_user": "John Doe john.doe@gitguardian.com",
"target_team": "My team",
"custom_webhook_name": "My custom webhook name",
"incident": {
"id": 3831600,
"date": "2022-06-28T00:03:46.110078Z",
"detector": {
"name": "stripe",
"display_name": "Stripe Keys",
"nature": "specific",
"family": "token",
"detector_group_name": "stripe_keys",
"detector_group_display_name": "Stripe Keys"
},
"secret_hash": "xxx",
"hmsl_hash": "xxx",
"secret_revoked": false,
"validity": "invalid",
"occurrence_count": 2,
"status": "triggered",
"declarative_secret_status": "active", // only for public monitoring incidents.
"regression": false, // only for internal monitoring incidents.
"assignee_email": null,
"severity": "unknown",
"ignored_at": null,
"ignore_reason": null,
"resolved_at": null,
"gitguardian_url": "https://dashboard.gitguardian.com/workspace/8/incidents/xxx",
"share_url": "https://dashboard.gitguardian.com/share/incidents/xxx",
"feedbacks": []
},
"member": {
"id": 3252,
"name": "John Smith",
"email": "john.smith@example.org",
"access_level": "owner"
}
}
member fournit les détails sur le membre qui s'est vu révoquer l'accès durant cet événement. Si plusieurs membres ont obtenu l'accès, il y aura un événement par accès accordé.
Incident shared publicly
{
"source": "GitGuardian",
"timestamp": "2022-06-28T08:48:49.290758Z",
"action": "incident_shared_publicly",
"message": "A user has generated a public sharing link for this incident.",
"target_user": "John Doe john.doe@gitguardian.com",
"target_team": "My team",
"custom_webhook_name": "My custom webhook name",
"incident": {
"id": 3827964,
"date": "2022-06-23T14:34:11Z",
"detector": {
"name": "aws_iam",
"display_name": "AWS Keys",
"nature": "specific",
"family": "credentials",
"detector_group_name": "aws_iam",
"detector_group_display_name": "AWS Keys"
},
"secret_hash": "xxx",
"hmsl_hash": "xxx",
"secret_revoked": false,
"validity": "invalid",
"occurrence_count": 1,
"status": "triggered",
"declarative_secret_status": "active", // only for public monitoring incidents.
"regression": false, // only for internal monitoring incidents.
"assignee_email": null,
"severity": "unknown",
"ignored_at": null,
"ignore_reason": null,
"resolved_at": null,
"gitguardian_url": "https://dashboard.gitguardian.com/workspace/1/incidents/xx",
"share_url": "https://dashboard.gitguardian.com/share/incidents/xxx",
"feedbacks": []
}
}
Incident publicly unshared
{
"source": "GitGuardian",
"timestamp": "2022-06-28T08:49:56.806741Z",
"action": "incident_unshared_publicly",
"message": "A user has deactivated the public sharing link for this incident.",
"target_user": "John Doe john.doe@gitguardian.com",
"target_team": "My team",
"custom_webhook_name": "My custom webhook name",
"incident": {
"id": 3827964,
"date": "2022-06-23T14:34:11Z",
"detector": {
"name": "aws_iam",
"display_name": "AWS Keys",
"nature": "specific",
"family": "credentials",
"detector_group_name": "aws_iam",
"detector_group_display_name": "AWS Keys"
},
"secret_hash": "xxx",
"hmsl_hash": "xxx",
"secret_revoked": false,
"validity": "invalid",
"occurrence_count": 2,
"status": "triggered",
"declarative_secret_status": "active", // only for public monitoring incidents.
"regression": false, // only for internal monitoring incidents.
"assignee_email": null,
"severity": "unknown",
"ignored_at": null,
"ignore_reason": null,
"resolved_at": null,
"gitguardian_url": "https://dashboard.gitguardian.com/workspace/1/incidents/xxx",
"share_url": null,
"feedbacks": []
}
}
Incident feedback received
{
"source": "GitGuardian",
"timestamp": "2022-06-28T08:49:56.806741Z",
"action": "incident_feedback_received",
"message": "A feedback has been submitted for this incident.",
"target_user": "John Doe john.doe@gitguardian.com",
"target_team": "My team",
"custom_webhook_name": "My custom webhook name",
"incident": {
"id": 3827964,
"date": "2022-06-23T14:34:11Z",
"detector": {
"name": "aws_iam",
"display_name": "AWS Keys",
"nature": "specific",
"family": "credentials",
"detector_group_name": "aws_iam",
"detector_group_display_name": "AWS Keys"
},
"secret_hash": "xxx",
"hmsl_hash": "xxx",
"secret_revoked": false,
"validity": "invalid",
"occurrence_count": 2,
"status": "triggered",
"declarative_secret_status": "active", // only for public monitoring incidents.
"regression": false, // only for internal monitoring incidents.
"assignee_email": null,
"severity": "unknown",
"ignored_at": null,
"ignore_reason": null,
"resolved_at": null,
"gitguardian_url": "https://dashboard.gitguardian.com/workspace/1/incidents/xxx",
"share_url": null,
"feedbacks": [
{
"id": 1,
"date": "2022-06-28T08:49:56.806741Z",
"updated_at": "2022-06-28T08:49:56.806741Z",
"revoked": false,
"remarks": "This secret is no longer valid.",
"member": {
"id": 1,
"role": "owner",
"name": "John Doe",
"email": "john.doe@gitguardian.com"
},
"real_secret": false,
"sensitive": false
}
]
}
}
Payload des événements d'occurrence
New occurrence
{
"source": "GitGuardian",
"timestamp": "2022-06-23T09:10:24.594597Z",
"action": "new_occurrence",
"message": "A new occurrence has been detected for this incident.",
"target_user": "GitGuardian",
"target_team": "My team",
"custom_webhook_name": "My custom webhook name",
"incident": {
"id": 31605,
"date": "2022-06-16T08:23:40Z",
"detector": {
"name": "aws_iam",
"display_name": "AWS Keys",
"nature": "specific",
"family": "credentials",
"detector_group_name": "aws_iam",
"detector_group_display_name": "AWS Keys"
},
"secret_hash": "xxx",
"hmsl_hash": "xxx",
"secret_revoked": false,
"validity": "not_checked",
"occurrence_count": 5,
"status": "assigned",
"declarative_secret_status": "active", // only for public monitoring incidents.
"regression": false, // only for internal monitoring incidents.
"assignee_email": "bruce.wayne@gitguardian.com",
"severity": "high",
"ignored_at": null,
"ignore_reason": null,
"resolved_at": null,
"gitguardian_url": "https://dashboard.gitguardian.com/workspace/1/incidents/xxx",
"share_url": null,
"feedbacks": []
},
"occurrence": {
"id": 1234,
"incident_id": 1243,
"kind": "RLTM",
"sha": "xxx", // only for internal monitoring incidents.
"element_type": "GIT_COMMIT", // only for public monitoring incidents.
"element": "xxx", // only for public monitoring incidents.
"actors": [ // actors section only for public monitoring incidents.
{
"id": 1234,
"type": "github_user",
"name": "xxx",
"email": "xxx@yy.com",
"primary": true,
"url": "https://github.com/xxx"
}
],
"author_name": "GitHub", // only for internal monitoring incidents.
"author_info": "noreply@github.com", // only for internal monitoring incidents.
"date": "2022-06-23T09:10:23.529812Z",
"presence": "visible",
"url": "https://github.com/user/repo/commit/123#diff-xxx",
"filepath": "my/path/TestJS.js",
"change_type": "addition", // only for VCS sources, null otherwise.
"filename": "TestJS.js", // only for public monitoring incidents.
"source": {
"id": 710,
"url": "https://github.com/user/repo",
"type": "github",
"full_name": "name of repository", // only for internal monitoring incidents.
"name": "name of repository", // only for public monitoring incidents.
"health": "at_risk", // only for internal monitoring incidents.
"open_incidents_count": 5, // only for internal monitoring incidents.
"closed_incidents_count": 0, // only for internal monitoring incidents.
"visibility": "private", // only for internal monitoring incidents.
"last_scan": { // only for internal monitoring incidents.
"status": "finished",
"date": "2022-11-18T17:07:59.079520Z"
},
"external_id": "github_id",
"metadata": {} // only for public monitoring incidents.
}
}
}
Payloads des événements de notes
New incident note
{
"source": "GitGuardian",
"timestamp": "2022-06-22T09:11:02.733441Z",
"action": "incident_note_created",
"message": "A new note has been created for this incident.",
"target_user": "John Doe john.doe@gitguardian.com",
"target_team": "My team",
"custom_webhook_name": "My custom webhook name",
"incident": {
"id": 31605,
"date": "2022-06-16T08:23:40Z",
"detector": {
"name": "aws_iam",
"display_name": "AWS Keys",
"nature": "specific",
"family": "credentials",
"detector_group_name": "aws_iam",
"detector_group_display_name": "AWS Keys"
},
"secret_hash": "xxx",
"hmsl_hash": "xxx",
"secret_revoked": false,
"validity": "not_checked",
"occurrence_count": 1,
"status": "triggered",
"declarative_secret_status": "active", // only for public monitoring incidents.
"regression": false, // only for internal monitoring incidents.
"assignee_email": null,
"severity": "high",
"ignored_at": null,
"ignore_reason": null,
"resolved_at": null,
"gitguardian_url": "https://dashboard.gitguardian.com/workspace/1/incidents/xxx",
"share_url": null,
"feedbacks": []
},
"incident_note": {
"id": 46389,
"api_token": null,
"created_at": "2022-06-22T09:11:02.683727Z",
"updated_at": null,
"comment": "This is not a test"
}
}
