Skip to main content

Investigate and remediate your first open incident

What is an incident? What are the implications of an incident?#

Incidents are open issues that need your attention to be resolved. GitGuardian raises two types of incidents:

  • Secret incidents

    Our secrets detection engine scans your sources code for hardcoded secrets to display them in your dashboard.

  • Policy break incidents

    In addition, GitGuardian also checks your source code against security policies like the presence of sensitive filenames and file extensions. These policy checks only run during real-time monitoring. We will focus on secret incidents in the rest of this paragraph, visit the [Policy breaks section] if you want to learn more about this.

Leaving a secret in plain text in source control represents a threat for the security of the resources that are protected by that secret. To learn more about why hardcoded secrets are a vulnerability that needs your Application or Product Security teams' attention, read the related paragraph in our Core Concepts section.

Incidents and occurrences#

The same secret can be seen multiple times in your VCS. They are referred to as occurrences. GitGuardian automatically groups several occurrences under the same incident in order to facilitate your remediation process.

Thus, an occurrence of a secret incident is uniquely identified by the combination of the following parameters:

  • the source (GitHub repository or GitLab project) impacted by the secret occurrence
  • the commit in which we detected the secret occurrence
  • the commit file containing the secret occurrence
  • the line within the commit file where the secret occurred

Alerts are sent only when a new incident is created or reopened because of a regression. A new occurrence attached to an already-existing open secret incident won't raise any alerts.