Custom remediation messages
The custom remediation message feature lets you tell all developers in your organization how to use internal resources for secrets management. It enforces best practices without impeding developers' daily tasks, and it helps them improve their coding practices and adhere to internal policies.
How is this useful?
Our goal is to prevent developers from being blocked by our detection engine without the guidance they need to handle secrets properly in their code. That situation often leads them to seek workarounds to push their code.
By providing detailed and informative messages, we can ensure they have the correct information to promptly address any issues in their code and proceed with their tasks.
This customization was initially available for display on the Incident page within the platform and is now also available in the GitGuardian CLI (ggshield) at the following touchpoints:
- Pre-Commit
- Pre-Push
- Pre-Receive
How to configure it?
Navigate to Settings > Secrets Detection > Remediation Workflow.
There are four tabs available for configuring the four relevant touchpoints.
Once you save your custom message, it will be live and displayed the next time a developer is blocked at the relevant touchpoint.
You can easily revert to the default message by clicking on "reset to default".
FAQ
Do you provide a custom message when developers scan paths with GitGuardian CLI?
This is not currently available, but it will be included in the upcoming version of this feature.
If I have the GitHub or GitLab integration activated, where can I configure the message display in Pull Requests (check runs)?
You can configure this at the integration level.
Navigate to Settings > Integrations > GitHub (or GitLab) integration.