Skip to main content

5 posts tagged with "remediation"

View All Tags

Prioritize faster with Secrets Analyzer

calendar icon   Release Date: April 14, 2025

Secret Analyzer Thumbnail

We're excited to announce Secrets Analyzer, a new enhancement to our secrets detection capabilities.

Secrets Analyzer automatically gathers additional context for detected secrets, including their associated scopes, permissions, ownership, and relevant perimeter information where available.

This added intelligence helps security teams:

  • Evaluate the potential impact of a secret incident more accurately.
  • Prioritize remediation efforts based on risk level.
  • Streamline the overall incident response process.

For details on how each analyzer works, including metadata collected and validation calls:


Enhancements

  • Incidents: Added a new filter to improve incident categorization based on the presence or absence of Jira Data Center tickets.
  • Custom Tags: Users can now create custom tags directly from search queries in the dashboard.
  • Custom webhook: Add the team name and webhook name to the custom webhook payload for incidents and occurrences. Learn more.

Fixes

  • GitLab Integration:
    • Fixed an issue where multiple emails were sent for failures in multiple group hooks on the same GitLab instance, ensuring only one email is sent per instance.
    • We improved the process for read-only token installations by automatically detecting and updating the webhook ID if the webhook was created manually.
    • Fixed unnecessary scans triggered by webhooks related to unmonitored repositories.
  • Incidents: Fixed a bug that could cause unnecessary data refresh on the incidents list when switching browser tabs.

Improve incident remediation with custom tags

calendar icon   Release Date: March 24, 2025

Custom tags Thumbnail

Take control of incident management with custom tags. This feature allows you to categorize, filter, and search incidents using customized labels, offering greater flexibility in tracking and prioritizing incidents, and improving remediation workflows.

For developers, you can interact with custom tags via the API. For more information, visit the API documentation.

For more details on how to use custom tags within the GitGuardian platform, check out our detailed guide.

Custom tags example


Enhancements

You now have two options for receiving incident email notifications: "All incidents" (default) or "Only incidents involving yourself (based on your Git commit email)", learn more about email preferences.

Email notification

Detect hardcoded secrets in your Container Registries

calendar icon   Release Date: March 19, 2025

Container Registries Thumbnail

We are excited to introduce Secret detection for Container Registries, including:

  • microsoft-azure-container-registry Azure Container Registry
  • amazon-ecr Amazon Elastic Container Registry
  • google-artifact-registry Google Artifact Registry
  • jfrog JFrog Artifactory
  • dockerhub DockerHub

Secrets often end up in container images due to common mistakes during development and image creation, mainly:

  • Hardcoding Secrets in Code: Developers may directly embed sensitive credentials, such as API keys or passwords, into application code, which gets packaged into container images.
  • Misconfigured Dockerfiles: Commands like ENV or RUN in Dockerfiles can inadvertently expose sensitive data during the build process.

By identifying and addressing hardcoded credentials early in the development pipeline, this feature significantly minimizes the risk of security breaches, helping you prevent the unintended exposure of sensitive information before it even reaches production.

Container Registries Dashboard

Check out our Blog Post to learn more!


Fixes

  • Jira Cloud Issue Tracking Integration: Fixed an issue where Jira project keys were incorrectly changed during synchronization.

Explore and prioritize your Generic Incidents

calendar icon   Release Date: March 10, 2025

GSE-filters

We are excited to unveil the "Generic Secret Enricher V1", a machine learning model designed to enhance our capabilities in generic secret detection. This innovative model analyzes the entire context of a document, identifying the company and category associated with a secret, thereby providing meaningful insights to help users understand the origin and type of a discovered secret.

New Features

  • Contextual Analysis: Upon detection of a generic secret, our platform analyzes the full document context to determine the associated provider or category of a secret.

  • Efficient Classification: This feature reduces the need for manual classification, enabling users to quickly comprehend the source and nature of a discovered generic secret.

  • New Filters: We've introduced three new filters - Provider, Category, Family - to help identify critical generic incidents. To use these, filter your incidents by the "Generic" type, then apply a combination of these filters.

Goals

Our long-term goal is to provide you with actionable insights, prioritize their generic incidents, and improve their remediation efforts.

Usage

To use the new filters, simply filter your incidents by the "Generic" type, then apply a combination of the Provider, Category, and Family filters. This will help you identify the most significant or critical generic incidents, such as those classified under "Data Storage" or linked to the provider "Postgresql".

Fixes

  • Jira Cloud Issue Tracking Integration: Resolved an issue where integration entered an invalid state after being uninstalled.
  • Microsoft Teams Alerts for Security Incidents: Resolved an issue where the wrong team was displayed during configuration.

Leverage insights from your Secrets Managers

calendar icon   Release Date: February 28, 2025

Secrets Managers Thumbnail

GitGuardian now integrates with AWS Secrets Manager, HashiCorp Vault, Azure Key Vault, Google Secret Manager, Delinea, and Akeyless through ggscout, letting you sync secret incidents with your Secrets Managers—without exposing sensitive data.

What’s in it for you?

  • Prioritize Faster – Instantly see which secrets are already vaulted and focus on real risks.
  • Remediate Quicker – Vault unprotected secrets in a click and speed up fixes.
  • Streamline Workflows – Leverage vaulted secrets insights directly in GitGuardian.
  • Improve Secrets Hygiene – Spot duplicate, weak, or mismanaged secrets with ggscout.
  • Simplify Vault Consolidation – Track migrations, filter secrets, and purge outdated ones effortlessly.

Secrets Managers Tag