Monitor your Gerrit repositories

Release Date: April 20, 2026

Secret scanning Gerrit

We're excited to announce native support for Gerrit as a VCS source. Gerrit is widely used for enterprise code review workflows, often hosting sensitive internal repositories. You can now connect your Gerrit instance to GitGuardian to detect secrets exposed across your repositories and commit histories, with the same experience as our other VCS integrations.

What does this mean for you?

  • Historical scanning out of the box: GitGuardian performs a full scan of your repositories' commit history as soon as you connect your Gerrit instance, uncovering secrets that may have been exposed weeks, months, or years ago.
  • Real-time detection with the webhook plugin: Install the Gerrit webhook plugin to catch new exposures the moment commits are pushed.
  • Granular perimeter control: Choose exactly which repositories to monitor, and apply team-based access control just like with other VCS sources.
  • Read replica support: Point GitGuardian to a read replica for cloning operations to reduce load on your primary Gerrit server.

Why is this important?

Gerrit repositories often host some of an organization's most sensitive internal code, yet many security programs lack visibility into them. Credentials and API tokens committed to Gerrit can remain in git history indefinitely, exposing internal systems and infrastructure to anyone with repository access. Native Gerrit support closes this gap and extends GitGuardian's secrets detection coverage to another critical part of your development ecosystem.

Get started

  1. Generate an HTTP username and HTTP password in your Gerrit account settings (we recommend using a dedicated bot user).
  2. Navigate to Settings > Integrations > Sources and click Configure for Gerrit.
  3. Submit your Gerrit instance URL and HTTP credentials to start monitoring.

Check out the full integration guide to learn more.


Fixes

  • Personal Access Tokens: Fixed a bug where the source scopes selected during PAT creation were not correctly applied, resulting in tokens being created with unintended permissions.
  • Bitbucket Cloud Integration: Updated the Bitbucket Cloud integration to use the new workspace-scoped APIs, following Atlassian's deprecation and removal of cross-workspace REST API endpoints.