Home

Welcome to the documentation of the secrets detection engine developed by GitGuardian.

The purpose of this documentation is to provide you with an in-depth technical presentation of our secrets detection algorithms. Here is an overview of the different topics covered.

Secrets detection engine

The first section you need to dig into. You will discover the overall architecture of our secrets detection engine, its philosophy and the main features of our detection algorithms.

PreValidators and PostValidators

Surrounding the detection algorithms, GitGuardian makes pre and post treatment to ensure the highest precision.

Frequently Asked Questions

This section provides answers to the most common questions asked, such as the sensitivity of cryptographic keys or public key certificates.

Glossary

The glossary of all the terms employed and used in GitGuardian's secrets detection engine.

Remediate a leak on public GitHub

This section provides a step-by-step guide on how to remediate a leak that occurred on public GitHub. We highly recommend reading this section to be prepared in the event of an accidental credentials leak.

Detectors

This documentation exposes all the supported detectors and their algorithms configured in yml files. GitGuardian makes a distinction between specific secrets, such as API keys of know providers (eg: AWS keys), and generic secrets (eg: passwords).