Internal Monitoring
GitGuardian's Analytics feature offers robust data visualization and actionable insights, empowering you to monitor your security posture, track performance trends, and make informed decisions.
The Internal Monitoring Analytics feature is organized to provide clarity and depth across key security dimensions.
- Protect: Focuses on repository monitoring and secret detection effectiveness, providing metrics on source coverage, blocked pull requests, and the prevalence of secrets in commits.
- Detect: Offers insights into where and how secrets are detected, highlighting incident creation, most detected secret types, and sources or teams most frequently involved in secret leaks.
- Remediate: Tracks the status and progress of incident remediation, including open and closed incidents, automation efficiency, team and source performance, and response times.
- Prevent: Measures the effectiveness and adoption of GGShield for preventing secret leaks in real time, including incidents avoided, scan activity, and developer engagement.
Protect
Analytics in the Protect section provide visibility into repository monitoring, secret detection effectiveness, the prevalence of secrets in commits, and overall scanning activity. These metrics help teams track security posture, identify gaps, and ensure compliance with secret management best practices.
1. Count of Sources
Purpose: Displays the percentage of monitored sources over time, helping identify whether all sources are properly monitored and highlighting discrepancies between total sources and those eligible for historical scanning.
2. Count of Sources by Category
Purpose: Shows the percentage of monitored sources by category (e.g., code repositories), providing insight into which source types are monitored and identifying any under-monitored categories.
3. Percentage of Blocked GitHub PRs
Purpose: Illustrates the percentage of GitHub pull requests blocked from merging due to detected secrets, indicating the effectiveness of secret detection in preventing sensitive data leaks via PRs.
4. GitHub PRs with Check Runs
Purpose: Shows the total number of GitHub PRs scanned by GitGuardian, tracking coverage and integration of secret scanning in the PR workflow.
5. Percentage of Commits Containing Secrets
Purpose: Displays the percentage of commits containing secrets out of the total commits scanned, helping assess the prevalence of hardcoded secrets in the codebase over time.
6. Commits Scanned**
Purpose: Shows the total number of commits scanned for secrets, regardless of whether secrets were found, indicating overall scanning activity and coverage.
Detect
These analytics help you understand where and how secrets are being detected in your organization, which types of secrets are most problematic, and which sources and teams are most frequently involved. This enables targeted remediation, improved training, and more effective secret management policies.
1. New incidents created
Purpose: Shows the number of newly created incidents over time, categorized by severity (Critical, High, Medium, Low, Info, Unknown). Helps prioritize remediation efforts by visualizing when and how many incidents of each severity occur.
2. Most detected secrets
Purpose: Displays the most frequently detected secret types (e.g., generic high entropy secrets, passwords, API keys, credentials). Useful for identifying which kinds of secrets are most commonly leaked and may require targeted prevention or education.
3. Top sources by incident count
Purpose: Lists the sources (repositories, directories, etc.) responsible for the most incidents, broken down by severity. Helps pinpoint where secret leaks are originating, so you can focus remediation and exclusion efforts on problematic sources.
4. Top teams by incident count
Purpose: Shows which teams are responsible for the most incidents, broken down by severity. Useful for identifying teams that may need additional training, support, or process improvements to reduce secret leaks.
Remediate
These analytics provide visibility into the status and progress of incident remediation, the effectiveness of automation, team and source performance, and response times. They help organizations track backlog, prioritize efforts, and continuously improve their secret management and incident response workflows.
1. Average open incidents per source (code repositories only)
Purpose: Tracks the average number of unresolved incidents per code repository over time. Helps monitor whether remediation efforts are keeping pace with incident creation and highlights trends in backlog.
2. Open incidents
Purpose: Shows the total number of incidents that are currently unresolved and require attention, categorized by severity (Critical, High, Medium, Low, Info, Unknown). Useful for understanding the current workload and prioritizing remediation.
3. Closed incidents
Purpose: Displays the total number of incidents that have been resolved and closed over time, broken down by severity. Indicates remediation progress and effectiveness.
4. Auto-closed by GitGuardian automations
Purpose: Shows incidents that were automatically closed by system automations, categorized by validity (Invalid, Failed to check, No checker). Highlights the efficiency and impact of automated remediation.
5. Top teams by closed incidents
Purpose: Lists teams that closed the most incidents during the selected period, broken down by validity. Helps identify high-performing teams and distribute workload insights.
6. Top sources by closed incidents
Purpose: Identifies sources (repositories, directories, etc.) with the most incidents closed during the selected period. Useful for prioritizing remediation efforts and understanding which sources are being effectively managed.
7. Median time to remediate
Purpose: Displays the median time taken to resolve incidents each month. Helps monitor changes in response times, identify trends, and pinpoint areas for improvement in remediation processes.
Prevent
These analytics provide insight into the effectiveness and adoption of GGShield for preventing secret leaks in real time, the number of incidents avoided, usage patterns of secret scanning, and developer engagement. This helps organizations measure the impact of preventive controls and drive continuous improvement in secret management practices.
1. New incidents found in realtime
Purpose: Shows the number of new incidents detected in real time, categorized by severity (Critical, High, Medium, Low, Info, Unknown). Helps monitor immediate risk and the effectiveness of real-time secret detection.
2. Total count of incidents avoided by GGShield
Purpose: Tracks the number of incidents prevented by GGShield scans (e.g., pre-commit, path, pre-push, etc.), demonstrating the tool’s effectiveness in stopping hardcoded secrets before they become security incidents.
3. GGShield scans over time
Purpose: Shows the total number of GGShield CLI scans executed during the selected period, broken down by scan mode (e.g., pre-commit, path, pre-push, etc.). Indicates adoption, usage patterns, and coverage of secret scanning across workflows.
4. Active GGShield users
Purpose: Displays the number of unique developers actively using GGShield, counted by Personal Access Token usage in the last 30 days. Helps track engagement and adoption of secret prevention tools among developers.
