How GitGuardian works

GitGuardian architecture

Server-side VCS integration

GitGuardian's internal repository monitoring product integrates natively with your VCS (Version Control System), hence on the server side. This is done through a GitHub app or a webhook for GitLab or Bitbucket. GitGuardian "listens" to all the events reaching the post-receive hook stage.

Read our blog article if you want to learn more about hooks and why we believe they are a must-have when it comes to automated secrets detection.

Scanning incremental change

Commits contained in such events, typically push events, are then scanned by our library of secrets detectors. If a secret is detected, an incident is raised in your dashboard instantly and you get alerted in real time.

Scanning your commit history

GitGuardian also gives you the ability (and encourages you) to scan the entire git history of your perimeter. All secrets present in your code prior to installing GitGuardian will be detected.

GitGuardian dashboard

GitGuardian dashboard users have access to all detected secrets and are typically in charge of ensuring proper remediation. Through the dashboard, users can collaborate with teammates and configure custom monitoring settings.