Detect public secret incidents
GitGuardian continuously monitors public sources to detect exposed secrets related to your organization. When secrets are found within your company public perimeter, GitGuardian creates public secret incidents that require investigation and remediation.
How detection works
Real-time monitoring
GitGuardian scans every public commit on GitHub as it happens using its Secret Detection Engine. When a commit matches your company perimeter, GitGuardian immediately analyzes it for more than 450 types of secrets.
Response time: The average time from a public commit to GitGuardian alert is 5 minutes.
What's monitored in real-time:
- Activity from developers in your perimeter
- Commits in your monitored GitHub organizations
- Content matching your secret graspers
Historical scanning
GitGuardian also performs historical scans to detect secrets that were exposed before your monitoring was established. A historical scan is performed at initialization of your Public Monitoring dashboard, then on a monthly basis.
What's covered by historical scans:
- Past activity from monitored developers
- Historical commits in monitored GitHub organizations
Secret graspers only work for real-time monitoring and do not apply to historical scans. They are monitored from the moment they are created, without retroactive scanning of past activity.
How incidents are created
A public secret incident is created when all of the following conditions are met:
- A secret is detected in a public GitHub commit or event
- The commit is linked to your company through your perimeter definition
- The secret detector is enabled in your detection settings
Each incident records the secret type, its validity status, the attachment reasons (why the commit was linked to your perimeter), and the surrounding context needed for investigation and remediation.
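The following Python model ties the two parts above together: how a public commit is attached to a perimeter (monitored developer, monitored organization, or a secret grasper, with graspers applying only in real-time mode and not to historical scans) and the three conditions under which an incident is created. It is an added illustration, not GitGuardian code: the perimeter and commit data shapes, the detector names and regexes, and the sample commits are all constructed here. The AWS-style key value is the placeholder from AWS documentation, not a live credential.

```python
"""Constructed model of perimeter matching and incident creation.
Not GitGuardian's implementation; data shapes and detectors are assumptions."""
import re
from dataclasses import dataclass


@dataclass
class Perimeter:
    developers: set        # GitHub logins of developers in the perimeter
    organizations: set     # monitored GitHub organizations
    graspers: list         # secret grasper patterns (regex) on commit content


@dataclass
class Commit:
    author: str
    org: str
    content: str


# Constructed detectors; real engines cover many more types than two regexes.
DETECTORS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "generic_token": re.compile(r"(?i)\btoken\s*=\s*['\"]([A-Za-z0-9_\-]{20,})['\"]"),
}


def attachment_reasons(commit, perimeter, realtime=True):
    """Return why a commit is linked to the perimeter (empty list = not linked).
    Secret graspers only apply to real-time monitoring, never to historical scans."""
    reasons = []
    if commit.author in perimeter.developers:
        reasons.append("monitored developer")
    if commit.org in perimeter.organizations:
        reasons.append("monitored organization")
    if realtime:
        for pattern in perimeter.graspers:
            if re.search(pattern, commit.content):
                reasons.append(f"secret grasper: {pattern}")
    return reasons


def detect_secrets(content, enabled):
    """Run only the detectors that are enabled in the (assumed) detection settings."""
    return [(name, m.group(0))
            for name, rx in DETECTORS.items() if name in enabled
            for m in rx.finditer(content)]


def evaluate(commit, perimeter, enabled, realtime=True):
    """Create an incident only when the commit is in the perimeter AND an enabled
    detector finds a secret; otherwise return None."""
    reasons = attachment_reasons(commit, perimeter, realtime)
    if not reasons:
        return None
    found = detect_secrets(commit.content, enabled)
    if not found:
        return None
    return {"author": commit.author, "org": commit.org,
            "secrets": found, "attachment_reasons": reasons}


# Constructed sample perimeter and commits.
PERIMETER = Perimeter(
    developers={"alice"},
    organizations={"acme-corp"},
    graspers=[r"api\.acme\.example"],
)
ENABLED = {"aws_access_key"}          # generic_token deliberately left disabled

SAMPLES = [
    # developer in perimeter, pushing to an unrelated repo
    Commit("alice", "someone-else", "AWS_KEY=AKIAIOSFODNN7EXAMPLE"),
    # monitored org, but the only secret matches a disabled detector
    Commit("bob", "acme-corp", "token = 'abcdefghij0123456789XYZ'"),
    # unrelated author and org; linked only through a secret grasper
    Commit("carol", "unrelated", "curl https://api.acme.example -H 'X: AKIAIOSFODNN7EXAMPLE'"),
]


if __name__ == "__main__":
    for mode in (True, False):
        print("real-time" if mode else "historical")
        for c in SAMPLES:
            print(" ", c.author, "->", evaluate(c, PERIMETER, ENABLED, realtime=mode))
```

Running it shows the grasper-linked commit producing an incident in real-time mode and nothing in historical mode, while the monitored-org commit produces no incident until the `generic_token` detector is enabled.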
Customizing detection
You can customize which secrets to detect and how validity is checked. For detailed configuration options, see Customize detection and Validity checks.