Bulk actions on incidents
Bulk actions let you perform the same action on multiple incidents at once, making your remediation workflow more efficient.
How to use bulk actions
- Navigate to your incidents page
- Select multiple incidents using checkboxes
- The bulk actions toolbar appears at the top
- Choose your desired action
Use the header checkbox to select all incidents on the page, or click "Select all X incidents" to select every incident matching your current filters.
Available actions
Status management
- Assign/Unassign: Distribute incidents to team members
- Resolve: Mark incidents as fixed (requires resolution reason)
- Ignore: Mark as false positives or non-issues (requires ignore reason)
- Reopen: Change closed incidents back to open status
Organization
- Set severity: Update priority levels (Critical, High, Medium, Low)
- Add custom tags: Categorize incidents (requires workspace configuration)
- Comment: Add notes visible in incident timelines
Collaboration
- Share: Grant access to users or teams (Business plan only)
- Download: Export incident data as CSV reports
ML-Powered Similar Incident Grouping
This feature is currently in early access. To access the early preview, please reach out to support@gitguardian.com.
GitGuardian's ML-powered similar incident grouping helps you identify and manage related incidents more efficiently by automatically detecting incidents that share similar characteristics and context.
How it works
When viewing an incident detail page, you'll see a Similar Incidents section in the sidebar that displays incidents with similar patterns detected by our machine learning algorithms. This feature analyzes incident context beyond just detector types to identify meaningful relationships.
Common grouping scenarios
The ML algorithm identifies various types of similar incidents:
- Rotating tokens in automated files: Same file continuously leaking different tokens through automation
- QA test credentials: Test keys (Slack bots, Postman API keys) appearing across similar contexts
- Database connection strings: Multiple connection strings to the same environment with different credentials
- Repeated false positives: High-entropy strings in logs or test scripts that are likely system-generated
- Templating code leaks: Multiple developers using shared tutorials or templates with similar leaked secrets
- Known noisy patterns: Consistent false positives from specific file types or internal services
Using similar incidents with bulk actions
- From incident details: View similar incidents in the sidebar and click on "View X similar incidents" to see them in the main incidents list
- Filter by similarity: In the search box, use similar_to to show only incidents similar to a specific incident
- Sort by similarity: Use the "Similar incidents" column to sort the list by most or least similar, and jump directly to a similar incident
- Apply bulk actions: Select similar incidents and perform bulk operations like resolving, assigning, or tagging them together
This feature is particularly useful for:
- Identifying false positives: Group and dismiss similar false positive incidents in bulk
- Consistent remediation: Apply the same remediation approach to incidents that require similar fixes
- Reducing incident fatigue: Focus on unique issues while efficiently handling repetitive incidents
ML-Powered Similar Incident Grouping is available for Business and Enterprise plans.
Best practices
- Filter first: Use search and filters to narrow your selection
- Verify selection: Check the count before executing actions
- Start small: Begin with smaller batches to learn the workflow
- Document actions: Use comments to explain bulk decisions
- Use similar grouping: Leverage ML grouping to identify related incidents before applying bulk actions
Permissions
- Can view: No bulk actions available
- Can edit: All actions except sharing
- Full access: All bulk actions including sharing
Some incidents may be excluded if you lack sufficient permissions for those specific incidents.