Skip to main content

Understand the monitored perimeter

Overview#

Your perimiter is simply anywhere you are storing your shared code repositories. This includes shared repository hosting like GitHub, GitLab, BitBucket or Azure Repos.

Your perimeter page has two main objectives:

  1. Identify which of your sources are at risk
  2. Ensure that your entire perimeter is well protected by GitGuardian

Perimeter page

At the bottom of the right-hand side panel, the scope section gives you a quick summary of the different integrations (VCS types) that have been integrated with GitGuardian, alongside a breakdown of sources per integration.

Perimeter scope

Differences between historical scanning and real-time protection#

Real-time monitoring#

The first protection and the most effective one for secrets remediation is the real-time monitoring.

As you may have read in our How GitGuardian works section, real-time monitoring means that every single push event (and its commits) is scanned for secrets as soon as they arrive on your VCS server (post-receive hooks).

We then alert you instantly, which will save you time in the remediation process. Indeed, the longer a secret is exposed, the harder the remediation gets.

On the right-hand side panel, we indicate the percentage of sources covered, based on the number of sources you integrated with GitGuardian. Note that some sources may not be eligible to be monitored because of plan restrictions.

Note that the table of sources displayed on the Perimeter page only contains sources that are monitored in real-time. The sources that are not selected in the integration settings page are not displayed.

real-time protection coverage

For performance reasons, we limit the number of commits scanned per push event. By default, this limit is 1,000 scanned commits/push event, but this can be customized per workspace on demand.

Historical scanning#

The second type of protection offered is the ability to scan the commit history of all the sources you integrated with GitGuardian.

historical scan coverage

Size limitations apply to historical scans, depending on your plan:

  • Free: you can scan sources up to 1GB,
  • Business and trial: you can scan sources up to 12 GB.

How can I add new sources to my protected perimeter?#

GitHub integration#

GitHub Enterprise integration#

Gitlab integration#

BitBucket integration#

Azure DevOps Repos integration#

Troubleshooting connectivity problems#

Most often, connectivity problems arise because a firewall, proxy server, corporate network, or other network is configured in a way that blocks GitGuardian.

In case you need to authorize incoming/outgoing connections to/from the SAAS application, this paragraph provides the necessary information.

Allowing GitGuardian's IP addresses#

GitGuardian serves the application from the following IP addresses:

  • 44.231.207.147/32
  • 44.224.13.10/32
  • 35.163.105.95/32
  • 54.212.233.107/32
  • 35.83.131.170/32
  • 35.161.89.114/32

These IP addresses are used for:

  • VCS integrations (eg: GitHub, GitLab)
  • Alerting integrations (eg: Slack)

Allowing GitGuardian's domains#

The following domains are used to expose the application:

  • dashboard.gitguardian.com
  • hook.gitguardian.com
  • api.gitguardian.com

Note: HTTP is only used to redirect to HTTPS.