Skip to main content

Investigate and remediate your first open incident

What is an incident? What are the implications of an incident?#

Incidents are open issues that need your attention to be resolved. GitGuardian raises two types of incidents:

  • Secret incidents
    Our secrets detection engine scans your sources code for hardcoded secrets to display them in your dashboard.

  • Policy break incidents

    In addition, GitGuardian also checks your source code against security policies like the presence of sensitive filenames and file extensions. These policy checks only run during real-time monitoring. We will focus on secret incidents in the rest of this paragraph, visit the Policy breaks section if you want to learn more about this.

Leaving a secret in plain text in source control represents a threat for the security of the resources that are protected by that secret. To learn more about why hardcoded secrets are a vulnerability that needs your Application or Product Security teams' attention, read the related paragraph in our Core Concepts section.

What are the occurrences of an incident?#

The same secret can be seen multiple times in your VCS. They are referred to as occurrences.
GitGuardian streamlines the remediation process by automatically grouping multiple occurrences of the same secret into a single secret incident.

Thus, an occurrence of a secret incident is uniquely identified by the combination of the following parameters:

  • the source (for instance: a GitHub repository or a GitLab project) impacted by the secret occurrence,
  • the commit in which we detected the secret occurrence,
  • the commit file containing the secret occurrence,
  • the line within the commit file where the secret occurred.

Alerts are sent only when a new incident is created or reopened because of a regression. A new occurrence attached to an already-existing open secret incident won't raise any alerts.

GitGuardian sets a maximum limit of 1,000 occurrences for a single secret incident.