Export data
GitGuardian allows you to export data in the form of a CSV report.
CSV report#
Export options#
CSV reports are currently only available for secrets incidents. When creating a CSV report, you have two choices to make:
Individual secrets incidents vs All occurrences.
Individual secrets incidents gives you the list of the secrets incidents present on your perimeter without details about multiple occurrences they may contain. It is useful for high level reporting.
All occurrences gives you the detailed list of all the occurrences and their location. Such reports can be used for remediation or more granular analysis.
These two reports are consistent between one another and you can cross-reference their data using the common key
incident_id.
Show secrets vs Hide secrets: fighting secrets sprawl, GitGuardian gives you the option to hide the secret itself in your CSV exports.
Filtering: CSV reports can reflect your filtering and selection.
- Selected: only selected incidents will be exported.
- Matching the search query: only incidents matching your current filtering criteria will be exported.
- All: all incidents belonging to the selected time period will be exported, regardless of the filters applied.
Export format#
The format of the CSV export will look like the below examples.
For Individual secrets incidents report:
| incident_id | created_at | secret_hash | detector_name | matches | occurrences_count | assignees | resolved_at | ignored_at | gitguardian_url | severity | validity | status | ignore_reason | secret_revoked | tags |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 186644 | 2020-11-17 08:19:48.374388+00:00 | CKRCZ36VU1JgnPTN2oWtW5Rn2fE7p/d9G+XQveEXlSg0d+Vjq3vgT7VWMTb6ax/h | Slack User Token | {"apikey": "xoxp-6378355290-4543728424-36021270421-7714dc2119e296b6e8be1cb6cde31ef5"} | 2 | https://dashboard.gitguardian.com/workspace/8/incidents/186644 | Critical | valid | TRIGGERED | ||||||
| 49568 | 2020-03-25 13:26:11.134688+00:00 | kFXL5aDL5Pvf3odFhfS1Sfxxguqg7/tFOLgmM94+EPnMHwNGLCAWyy4SR5jhsuGk | AWS Keys | {"client_id": "AROAK1XZAJSZHCUDQSHT", "client_secret": "cH1SL1LFzSwWoJV5wDtn8rcTSNiieufBOe58b6Lu"} | 4 | john.doe@company.com | 2020-11-03 14:48:41.634750+00:00 | https://dashboard.gitguardian.com/workspace/8/incidents/49568 | Medium | invalid | RESOLVED | TRUE | SENSITIVE_FILE | ||
| .... | .... | .... | .... | .... | .... | .... | .... | .... | .... | .... | .... | .... | .... | .... | .... |
- incident_id: id of the GitGuardian incident
- created_at: date of the incident
- secret_hash: hash of the actual secret matches. It is unique per secret.
- detector name: type of the secret detected by GitGuardian secrets detection engine
- matches: the actual secret. Sometimes it can be composed of several components that GitGuardian calls matches (eg:
client_id,client_secret). That's why it is under JSON format. Empty if you select Hide secrets option. - occurrences_count: count of occurrences of the secret incident
- assignees: email of the incident assignee who is member of the GitGuardian workspace
- resolved_at: timestamp of incident resolution date. If not empty, it means that the status of the incident is resolved
- ignored_at: timestamp of incident ignore date. If not empty, it means that the status of the incident is ignored
- gitguardian_url: link to the incident page on your GitGuardian workspace
- severity: severity level for the incident
- validity: validity of the secret (valid, invalid, no_checker, failed_to_check, unknown)
- status: status of the incident (TRIGGERED, ASSIGNED, RESOLVED, IGNORED)
- ignore_reason: declarative ignore reason by the person who ignored the incident (test_credential, false_positive, low_risk)
- secret_revoked: declarative information indicating whether or not the secret is revoked by the person who resolved the incident (True or False)
- tags: tags of the incident (FROM_HISTORICAL_SCAN, IGNORED_IN_CHECK_RUN, PUBLIC, REGRESSION, SENSITIVE_FILE, TEST_FILE)
For All occurrences report:
| created_at | secret_hash | detector_name | matches | source_url | source_name | commit_url | commit_sha | commit_author | author_email | filepath | incident_id | gitguardian_url | validity | presence | occurrence_id |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2020-11-17 10:19:41.495062+00:00 | CKRCZ36VU1JgnPTN2oWtW5Rn2fE7p/d9G+XQveEXlSg0d+Vjq3vgT7VWMTb6ax/h | Slack User Token | {"apikey": "xoxp-6378355290-4543728424-36021270421-7714dc2119e296b6e8be1cb6cde31ef5"} | https://github.com/my-org/my-repos | my-org/my-repos | https://github.com/my-org/my-repos/commit/722682f316a934129996eccc4286d56a33812212#diff-568470d013cd12e4f388206520da39ab9a4e4c3c6b95846cbc281abc1ba3c959L3 | 722682f316a934129996eccc4286d56a33812212 | Lucius Fox | lucius-fox-gg@protonmail.com | app.py | 186644 | https://dashboard.gitguardian.com/workspace/8/incidents/186644 | valid | present | 4367688 |
| .... | .... | .... | .... | .... | .... | .... | .... | .... | .... | .... | .... | .... | .... | .... | .... |
- created_at: date of the occurrence
- secret_hash: hash of the actual secret matches. It is unique per secret.
- detector name: type of the secret detected by GitGuardian secrets detection engine
- matches: the actual secret. Sometimes it can be composed of several components that GitGuardian calls matches (eg:
client_id,client_secret). That's why it is under JSON format. Empty if you select Hide secrets option. - source_url: VCS link of the source
- source_name: name of the source
- commit_url: VCS link of the commit
- commit_sha: sha of the commit
- commit_author: git name of the commit author
- author_email: git email of the commit author
- filepath: filepath containing the occurrence
- incident_id: id of the GitGuardian incident the occurrence belongs to
- gitguardian_url: link to the incident page on your GitGuardian workspace
- validity: validity of the secret (valid, invalid, no_checker, failed_to_check, unknown)
- presence: presence in git history of the occurrence (present, removed)
- occurrence_id: id of the occurrence