Skip to main content

Sources Integration Overview

GitGuardian's Internal Monitoring protects your organization by scanning diverse data sources where secrets might be exposed. From code repositories to collaboration platforms, we help you discover, remediate, and prevent secret leaks across your entire digital ecosystem.

Why Integrate Multiple Sources?

Modern organizations store and share code across numerous platforms and tools. Secrets can leak anywhere: in commit histories, chat messages, documents, or container images. Comprehensive coverage ensures no exposure goes undetected.

Key benefits:

  • Complete visibility: Monitor your entire attack surface, not just git repositories
  • Early detection: Catch secrets before they reach production environments
  • Unified management: View and manage all incidents from a single dashboard
  • Automated remediation: Leverage our workflows to speed up incident response

Source Categories

Version Control Systems (VCS)

Monitor code repositories where secrets are most commonly exposed through commit history and branches.

SourceHistorical ScanReal-timeCustom PerimeterTeam PerimeterPresence CheckSource VisibilityFile Attachments
GitHub
GitHub Enterprise
GitLab
Bitbucket Cloud
Bitbucket Server
Azure DevOps

Coverage includes:

  • Source code files
  • Configuration files
  • Documentation
  • Commit messages and metadata

Container Registries

Scan container images for embedded secrets in application layers, environment variables, and configuration files.

SourceHistorical ScanReal-timeCustom PerimeterTeam PerimeterPresence CheckSource VisibilityFile Attachments
Amazon ECR⏱️N/A
Azure Container Registry⏱️N/A
Docker Hub⏱️N/A
Google Artifact Registry⏱️N/A
JFrog Container Registry⏱️N/A

Coverage includes:

  • Application code in container layers
  • Environment variables and startup scripts
  • Configuration files and SSL certificates
  • Package dependencies and build artifacts

Messaging & Collaboration

**Monitor communication platforms where secrets might be accidentally shared in conversations or file uploads.

SourceHistorical ScanReal-timeCustom PerimeterTeam PerimeterPresence CheckSource VisibilityFile Attachments
Slack
Microsoft Teams⏱️

Coverage includes:

  • Channel messages and threads
  • Private messages (when explicitly authorized)
  • File attachments (select integrations)
  • Code snippets and pastes

Documentation & File Storage

Scan document libraries for secrets in technical documentation, configuration guides, and shared files.

SourceHistorical ScanReal-timeCustom PerimeterTeam PerimeterPresence CheckSource VisibilityFile Attachments
Confluence Cloud⏱️
Confluence Data Center⏱️
SharePoint Online⏱️
OneDrive⏱️

Coverage includes:

  • Technical documentation and wikis
  • Office documents (Word, Excel, PowerPoint)
  • PDF files and presentations
  • Configuration files and templates

Ticketing & Project Management

Monitor project tracking tools where secrets might appear in issue descriptions, comments, or attachments.

SourceHistorical ScanReal-timeCustom PerimeterTeam PerimeterPresence CheckSource VisibilityFile Attachments
Jira Cloud
Jira Data Center
ServiceNow⏱️

Coverage includes:

  • Issue descriptions and comments
  • Project documentation
  • Ticket attachments (select integrations)
  • Custom field content

Custom Sources

Extend monitoring to any data source with Bring Your Own Sources

SourceHistorical ScanReal-timeCustom PerimeterTeam PerimeterPresence CheckSource VisibilityFile Attachments
Custom SourcesManualManual

Sky is the limit! With Custom Sources you can cover:

  • CI/CD logs and build artifacts.
  • Legacy systems and databases.
  • FTP servers and file shares.
  • Any custom data source via API.
  • Etc...

Feature Information

Legend

SymbolMeaning
Fully supported
⏱️Incremental scanning (scheduled intervals)
Coming soon
Not supported
N/ANot applicable for this source type

Feature Definitions

  • Historical Scan: Scans existing content when integration is first set up, covering the historical debt.
  • Real-time: Event-based monitoring that detects new content instantly as it's created or modified.
  • Incremental: Scheduled monitoring that scans for new content at regular intervals (typically every few hours).
  • Custom Perimeter: Allows granular control over which repositories, channels, or resources are monitored.
  • Team Perimeter: Supports team-based access control for incidents.
  • Presence Check: Verifies if detected secrets are still accessible.
  • Source Visibility: Determines if the source can distinguish between public and private content visibility.
  • File Attachments: Scans files attached to messages or tickets.

Security & Compliance

Data Protection

  • Read-only access: Integrations never modify your source data.
  • Minimal retention: We store only metadata necessary for incident management.
  • Encryption: All data is encrypted in transit and at rest.
  • Regional compliance: Available in multiple regions to meet data residency requirements.

Privacy Considerations

  • Explicit consent: Private channels/repositories require explicit authorization.
  • Configurable perimeter: Control exactly what gets scanned.
  • GDPR compliant: Full support for European data protection regulations.
  • Audit trails: Complete visibility into what data is accessed

Getting Started

  1. Plan your integration strategy: Identify your highest-risk sources first.
  2. Start with VCS: Git repositories typically contain the most critical secrets
  3. Expand gradually: Add collaboration and documentation platforms
  4. Configure perimeters: Customize what content gets scanned
  5. Set up alerting: Configure notifications for your security team

Managing your integrations

Once you've set up your integrations, learn how to effectively Monitor Your Perimeter, including dashboard usage, scanning types, source status, and troubleshooting.

Support & Troubleshooting

  • Plan requirements: Most integrations require Business or Enterprise plans
  • Trial available: 30-day free trial for most integrations
  • Support channels: Available through your GitGuardian dashboard
  • Documentation: Comprehensive guides for each integration

Ready to enhance your security posture? Start with our most popular integration: GitHub.