Skip to main content

5 posts tagged with "incident-management"

View All Tags

Seal the Leak - Instantly Revoke Secrets with GitGuardian!

calendar icon   Release Date: September 23, 2025

Revoke Feature Thumbnail

We're thrilled to introduce Secret Revocation directly from the GitGuardian platform for supported providers, including GitHub, GitLab, and OpenAI. This enhancement is designed to accelerate your incident response process, reducing manual efforts and enabling you to quickly prevent attackers from leveraging your compromised secrets.

How it works:

  • Quickly identify revocable secrets: Using the newly introduced Revocable by GitGuardian Tag.
  • Access Controls: Requires full-access permissions on the incidents.
  • Instant Revocation: Revoke secrets immediately using the call-to-acttion from the incident detail view.
  • Safety First: Includes a confirmation step to prevent accidental revocations.
  • Closing the incident loop: Automatically resolves incidents when valid secrets are revoked.
  • Comprehensive Audit Trail: Every revocation activities are tracked and logged within the incident timeline for compliance and auditing purposes.

Assess the impact first:

To prevent operational disruption, always assess the impact of a revocation first. GitGuardian provides the context you need to evaluate the risk, including identifying which workloads depend on the credential, so you can act confidently.

Why it matters:

Manual secret revocation is traditionally slow and complex, as it often involves different teams. This delays the incident response and increases the security risk compromised secrets pose. This integrated revocation feature significantly shortens secret exposure times and expedites incident response workflows, especially once the investigation confirms secret shall be revoked.

Learn more about revocation.


Enhancements

  • Public API: Added Container Registries endpoints to the public API documentation.
  • Pattern Exclusion: Improved performance and memory usage when checking the impact of secret pattern exclusions.

Fixes

  • Container Registries Integrations: Fixed authentication error with Google Artifact Registry that was causing scan failures.
  • Secret Scanning: Fixed incorrect secret count display in scan results to ensure consistency with actual detected secrets.

Introducing AI Filters - It's time to have a conversation with your data!

calendar icon   Release Date: September 17, 2025

AI Filters Feature Thumbnail

We're excited to introduce AI Filters - use natural language to navigate through Incidents, Perimeter, and Audit Logs. Finding what you need has never been easier.

What it does:

  • Type queries in plain English (e.g., "Show me critical incidents from last week")
  • AI automatically converts your request into the appropriate filters
  • Works alongside your existing filter settings
  • Save AI-generated filters as views for team sharing

Available in: Incidents, Perimeter, and Audit Logs

Look for the AI input field in your filter bars to get started! Learn more about AI filters.


Enhancements

  • GitHub Check Runs: Added option to include public share links in check runs, enabling developers outside your workspace to access and resolve incident details directly from pull requests without requiring GitGuardian dashboard access. Learn more
  • Security: Added Content Security Policy (CSP) headers to improve browser security.

Fixes

  • Remediation tracking: Disabled file tracking for non-default branches. Learn more
  • Perimeter:
    • Fixed "invalid time value" error when applying filters with running bulk scans.
    • Fixed scan bar and buttons visibility for team members not in the global team.
  • Notifications:
    • Fixed Honeytoken events to only appear in "All incidents" team notifications instead of all teams.
    • Fixed custom webhook URL validation to properly handle escaped URLs.
  • Integrations:
    • Fixed installation validation blocking customers from setting up on-prem JFrog Docker registry integration.
    • Fixed direct URL display in occurrences for older Confluence Data Center versions.

Automatically Ignore Invalid Incidents with New Playbook

calendar icon   Release Date: July 28, 2025

Incident Playbook Thumbnail

We’re excited to announce a powerful enhancement to your incident management experience, designed to help you focus on what matters: we are introducing a new playbook: Automatically Ignore Invalid Incidents.

What's new?

This new playbook will automatically ignore incidents where the detected secret has been confirmed invalid and revoked, even for those that have never been valid. With this new capability, your team can immediately focus on genuine, actionable threats without being distracted by unnecessary noise from already-resolved issues.

Why This Matters?

By automatically clearing these known invalid incidents, you'll save valuable time, reduce alert fatigue, and maintain a clear focus on critical security issues that require your attention.

Important Note

This playbook is designed for incidents from standard detectors and will not impact those related to detectors with a custom host.

You Stay in Control

The playbook will be enabled by default, but you can opt out at any time if it doesn’t fit your needs. All incidents will remain accessible in your workspace for review.

Documentation


Fixes

  • Incidents Management: Resolved a regression where secrets detected on deletion lines could reopen incidents. Deletion lines are no longer scanned for secrets, as per the expected "Scan only addition line" behavior.

Customize Your Incidents View for Enhanced Context Exploration

calendar icon   Release Date: May 2, 2025

With this new feature, users can create fully customized views of their incidents, displaying specific properties and exploring their security data in an entirely new way.

GSE-columns


This customization capability offers two key advantages:

  1. Leverage the Generic Secret Enricher model (read release page) - You can now explore and prioritize generic incidents more effectively by visualizing the AI-classified secret categories and providers GSE-columns
  2. Harness extensive incident context - Access the rich contextual data we provide for each incident, which is essential for efficient prioritization efforts

Context is critical for effective remediation. CyberSecurity is fundamentally a data business, and by collecting and presenting the richest, most structured context possible, we enable you to filter, sort, and prioritize incidents effectively and make informed decisions.

Read more in the documentation

Search incidents by secret value

calendar icon   Release Date: February 11, 2025

search secret GitGuardian allows you to monitor secret leaks across thousands of your repositories and over 30 different types of sources. It is reassuring to know that this critical secret, which provides access to your corporate LDAP, has not been detected anywhere.


Enhancements

  • Scan Only Addition Lines in Commits: Now, when using ggshield or our check runs integration, we only scan for added lines in commits. Developers will no longer be blocked while remediating incidents.
  • Jira Issue Tracking Integration: Added support for "Numbers (or float)" and "Group Pickers (single group)" custom fields in Jira templates, allowing more customization in notifications and issue tracking.

Fixes

  • GitLab Integration: Resolved an issue where GitLab installations were incorrectly revoked due to temporary plan downgrades or admin status changes.
  • Confluence Cloud Integration: Fixed an issue where some Confluence Cloud events without a spaceKey were incorrectly ignored.
  • Incidents: Resolved an issue where restricted users could not view the Vulnerable Sources block.
  • Teams Management: Resolved an issue where action menus were not displayed in the teammates table for non-admin users in certain cases.
  • Email Notifications: Fixed an issue where emails for ignored and valid incidents were sent to all teams a user belongs to, instead of only the teams managing the affected repository.