Skip to main content


Here are some common questions.

What instance do I need to install GitGuardian in an embedded cluster ?#

The hardware specifications for the instance hosting GitGuardian can be found here.

For the supported distributions, see this question.

How do I configure my firewall to integrate with the VCS ?#

Both the application and the VCS must be able to initiate the connection. The application needs to access the VCS to gather information, and the VCS has webhooks. You need to make sure that the firewall is open for both service listening ports.

For more information about network flows, see this page

Which distributions are supported ?#

  • Embedded cluster: The supported distributions can be found here.

  • Existing cluster: Any cluster should be supported as long as they have the prerequisites listed here.

What are the deployment options ?#

GitGuardian is deployed using Kots. It runs on a Kubernetes cluster. There is two methods to deploy GitGuardian:

  • You already have an existing Kubernetes cluster that you want to use. In this case, follow this documentation.
  • You don't have an existing cluster or you don't want to use the one you have. In this case, follow this documentation.

How do I upgrade GitGuardian ?#

This is done through the admin console under the "Version History" tab. More information is available here.

How do I synchronize my licence ?#

This is done through the admin console under the "License" tab. More information is available here.

How do I create and send a support/troubleshoot bundle ?#

This is done through the admin console under the "Troubleshoot" tab. More information is available here.

How do I scale my embedded cluster ?#

If you want to add processing power to your cluster, for example to scan a lot of repositories, the easiest way to do so is to add worker nodes. To do so, go to this page.

Then, you can add configure the number of parallel GitGuardian workers, under "Advanced Options" in the admin console. All options are detailed here.

How do SSO integrations work ?#

SSO integration can create user at their first connection (just-in-time).

SSO integration handles authentication but cannot automatically assign users to role inside the GitGuardian application.

How can I use an internal CA ?#

Not supported yet. More coming soon.

What do I need to perform the initial historical scan ?#

The initial historical repository scan is resource intensive, and can be quite long.

On an embedded cluster, to speed up this process, we advise to temporarily add more worker nodes. Make sure they is at least 100Gio of storage on the root device of each node, as large repositories can use a lot of it.

On existing cluster, check the size of your cluster, and the limits on the gitguardian namespace.

In both cases, you will need to increase the number of "Scanning Workers" in the "Avdanced Options" in the admin console. Details about these options are available here. You should count 1 cpu core, 2-3 Gio of memory and about 1-10 Gio of ephemeral storage per additional worker.

What are the different roles and permissions in the GitGuardian application ?#

All roles and permissions for users are described here.

How can I configure the email sent by GitGuardian ?#

Emails are configured in the admin area of the dashboard. This page explains how to configure them.

How do I configure backups ?#

Backups are used when using the embedded Redis or Postgres on an embedded cluster. The storage target and the periodicity can be configured in the "Snaphots" tab of the admin console. More information about backups is available here

What capabilities do GitGuardian have on the cluster ?#

  • Embedded cluster: Kots will be a cluster admin. This allows to do cluster management operations.
  • Existing cluster: Kots will be an admin of the namespace it is assigned to. See here.

During an embedded installation, I'm stuck at "Awaiting rook-ceph RGW pod". What's the issue ?#

rook-ceph requires a raw storage without any filesystem on it. Make sure you have attached a second disk without mounting any filesystem on it.