Monitor your open incidents
Please note that the IaC monitoring features are currently in private beta. To activate them, please join the waitlist directly from your GitGuardian dashboard!
Integrate your repositories
Before initiating the monitoring your of IaC incidents, you need to add at least one repository directly from your GitGuardian dashboard.
For more information about VCS integrations, please check the specific documentation.
Note that the Infra as Code Security module currently only supports monitoring for GitHub, GitLab and Azure DevOps repositories.
If you require support for a specific VCS, we encourage you to upvote the corresponding feature(s) or submit a new idea through our portal.
Check your open IaC incidents
Upon accessing the IaC section directly from your GitGuardian dashboard, you will be able to see the list of incidents referring to IaC vulnerabilities detected in your monitored repositories.
Each new IaC incident is automatically assigned with:
- A unique ID.
- The
triggered
status. - The detection date.
- Severity and name of the matched rule.
- Location details based on the source (repository), filename and the resource name.
- The source criticality as long as a criticality is defined for this specific source. Please refer to this page for more details.
- The
ignored using ggshield
tag appears when one of your developers asks ggshield to ignore a particular incident. This could be done either through an inline comment in your code or through ggshield’s configuration. Please refer to ggshield's IaC How to documentation for more details.
By default, all incidents are displayed and ordered based on their detection date. However, if you prefer to see a subset of your IaC incidents, feel free to filter them using their severity, their source, their involved policy ID, their current status or on the presence of a tag.
Also, feel free to order your IaC incidents using their detection date, severity, resource or policy.