Skip to main content

Explore

Explore enables you to proactively search for secrets that may have been leaked in public GitHub repositories related to your organization. By expanding your secret detection beyond your defined perimeter, Explore helps you discover exposures that traditional perimeter-based monitoring might miss.

info

Explore is designed to help you find secrets related to your company's infrastructure, domains, and technologies. Focus your searches on company-specific terms for the most relevant and actionable results.

How Explore works

Explore allows you to search through public GitHub commits and patches using sophisticated query capabilities, then scan the results for secrets using GitGuardian's detection engine.

1. Search for relevant commits

Use targeted search queries to find public commits that might contain secrets related to your organization:

  • Search for your company domains, API endpoints, or infrastructure
  • Look for commits from current or former employees
  • Find references to your internal systems or technologies

Explore search

2. Scan results for secrets

Once you've identified potentially relevant commits, scan them for actual secrets, using GitGuardian's comprehensive detector library.

Explore scan

3. Create incidents and monitor

Transform discovered secrets into actionable security incidents:

  • Create public secret incidents directly from scan results
  • Set up automated incident creation with scheduled scans
  • Track and remediate exposures through your standard incident workflow

Getting started and best practices

  1. Use company-specific searches: Focus on terms directly related to your organization (domains, infrastructure, technologies) rather than generic keywords. This ensures relevant, actionable results and stays within the 10,000 result limit required for scanning.

  2. Scan results: Use the search interface to find relevant commits, then scan the results to identify actual secret exposures

  3. Create incidents: Convert findings into trackable security incidents through your standard workflow

  4. Set up monitoring: Schedule regular scans for critical search queries to maintain ongoing monitoring

  5. Regular review: Monitor the quality of results and refine queries to reduce false positives and improve detection effectiveness

Next steps