Skip to main content
Sign Up

Secrets incidents and policy breaks

Overview

GitGuardian monitors your perimeter for two types of incidents, hardcoded secrets and sensitive files (or extensions) checked in source control.

Please note that Historical scans of your perimeter will only look for hardcoded secrets in your entire commit history. Checking for sensitive files will only apply starting from the moment you add your repositories to the GitGuardian perimeter (real-time protection only).

Secrets detectors

You can find the exhaustive list of GitGuardian secrets detectors in the settings of your workspace.

Table of secrets detectors

You can activate or deactivate secrets detectors on an individual basis to refine your focus on incidents.

The frequency of a secrets detector is the number of matched secrets per million of commits.

Policies

GitGuardian can monitor other security policies in order to help you cover more threats in your source code. Such as:

  • Filenames policy
  • File extensions policy
  • .gitignore policy

What are Policies?

A policy is a rule enforced on your perimeter.

Policy break incidents are triggered when an event breaks the policy. Alerts are sent for each event that triggers one or more policy break incidents.

Filenames policy

This policy ensures that files with certain filenames are not committed.

We have configured a default list of sensitive filenames that commonly represent files that may contain secrets. You can deactivate filenames from the list, but cannot add new filenames to monitor yet.

File extension policy

This policy ensures that files with certain extensions are not committed.

We have configured a default list of sensitive extensions that commonly represent files that may contain secrets. You can deactivate extensions from the list, but cannot add new extensions to monitor yet.

.gitignore policy

This policy ensures that all your git repositories have a .gitignore file in their root directory. This is an indirect security policy as it is the best way to ensure that your secret files are never committed.

A policy break incident is triggered if the file is missing the first time GitGuardian receives an event on the repository or if the file is deleted.

Policy break incidents

Managers of the dashboard can activate or deactivate the different policies in the settings section.

Policies settings

When activated, the policies create policy break incidents that you can find in the Incidents section of your dashboard. If you want to learn more about incidents, please have look at their documentation.

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status

How can I help you ?