Another objective of your perimeter page is to ensure that you have the most comprehensive protection of all your perimeter. GitGuardian offers two complementary protections: real-time monitoring and historical scanning.
The first protection and the most effective one for secrets remediation is the real-time monitoring.
Within your list of sources, under the protection column, the blue shield icon indicates that a given source is being monitored in real-time.
As you may have read in our How GitGuardian works section, real-time monitoring means that every single push event (and its commits) are scanned for secrets as soon as they arrive on your VCS server (post-receive hooks).
We then alert you instantly, which will save you time in the remediation process. Indeed, the longer a secret is exposed, the harder the remediation gets.
On the right-hand side panel, we indicate the percentage of sources covered, based on the number of sources you integrated with GitGuardian. Note that some sources may not be eligible to being monitored because of plan restriction.
The second type of protection offered is the ability to scan the git history of all the sources you integrated with GitGuardian.
Starting up with GitGuardian
Since real-time monitoring will focus on securing your future code, it is essential to scan the existing history of all your sources. The longer the existence of a given repository or project, the bigger its git history and hence the number of secrets it might contain. GitGuardian’s historical scanning feature will help you conduct that initial audit and start on a clean basis.
In the right-hand side panel, you can quickly view the total number of sources waiting to have their git history scanned. You can also quickly pinpoint such sources under the protection column in your list of sources.
Once the git history of a source has been scanned, you can see the historical scan icon turn blue. It also indicates the date of the last performed historical scan.
You can scan the git history of a given source at any time you want via the small menu provided at the row level for each source.
You can also execute bulk historical scans by:
- Selecting the sources by ticking the checkboxes in the table
- Clicking on
Scan XX selected sources
Scanning the entire git history of a repository across all the git branches can take some time. You will receive an email notification whenever the historical scan of one or more repositories has been fully executed.
Note that you can cancel an ongoing historical scan and that a historical scan can potentially fail. A failure of a historical scan is typically due to the source size being too big (>1GB).