Configure real-time alerting and notifications for your perimeter

GitGuardian's real-time monitoring allows alerts to be sent immediately when an incident is detected or updated.

Configuring a notifier from your GitGuardian workspace allows you to push incident alerts to the channel of your choice (e.g. Slack, PagerDuty). These alerts contain details about the incident, such as the triggered detector and the location (organization and repository), without revealing the detected secrets or any other sensitive data, so the alerts themselves do not contribute to secret sprawl.

Incident types and integration scope

Most of GitGuardian's alerting integrations are designed to handle internal secret incidents detected within your integrated sources. This includes all the notification channels and issue tracking integrations listed below.

Custom webhooks and Slack are the exceptions: if your workspace and team have access to Public Monitoring, these integrations can also be configured to receive events related to public secret incidents detected on public repositories.

Available integrations

By default, GitGuardian notifies dashboard users via email for every incident. You can read more about email alerting here. You can also integrate with other notification channels. GitGuardian currently supports:

  • Custom webhooks
    Custom services can be written to listen in on GitGuardian's detection engine and programmatically process detected incidents. Custom webhooks can handle internal and/or public secret incidents.

  • Slack
    The Slack integration provides comprehensive notification coverage for internal and/or public secret incident lifecycle events. Configure which events to receive in your team's workspace channels.

  • Microsoft Teams
    The Microsoft Teams integration allows you to be notified on your team's workspace in a channel of your choice.

  • Discord
    The Discord integration allows you to be notified on the team Discord server of your choice.

  • PagerDuty
    Send incidents as PagerDuty event notifications with the PagerDuty Integration.

  • Splunk
    Treat incidents as data with the Splunk Integration.

Filter notifications by incident criteria

By default, every new and updated incident generates a notification, regardless of how critical it is. To cut down on noise and focus your team on what matters, you can define filtering rules so a notification is only sent for incidents that match the criteria you choose.

Rules are configured per channel, directly on each integration's settings page, and can combine any of the following incident criteria:

  • Severity
  • ML risk score (Business plans)
  • Validity
  • Secret type (detector)
  • GitGuardian tags (e.g. Publicly leaked, Default branch, Test files)

Filtering applies to both internal and public monitoring incidents. If you don't set any rule, the channel keeps receiving notifications for every incident (full coverage), which is the default behavior.

Availability

  • Destinations — filtering on internal and public monitoring incidents is available for custom webhooks, Slack, and Microsoft Teams. Other channels are rolling out progressively.
  • Email — public monitoring incidents can be filtered by severity. Additional criteria and internal monitoring support are planned.