Export data

GitGuardian allows you to export data in the form of a CSV report.

CSV report

Export options

CSV reports are currently only available for secrets incidents. To export data, use the menu in the view, then select the options for the export:

  • Individual secrets incidents vs All occurrences.
    • Individual secrets incidents gives you the list of the secrets incidents present on your perimeter without details about multiple occurrences they may contain. It is useful for high level reporting.
    • All occurrences gives you the detailed list of all the occurrences and their location. Such reports can be used for remediation or more granular analysis.
      These two reports are consistent with one another, and you can cross-reference their data using the common key incident_id.
  • Show secrets vs Hide secrets: to limit secrets sprawl, GitGuardian gives you the option to hide the secret itself in your CSV exports.
  • Filtering: CSV reports can reflect your filtering and selection.
    • Matching the current filters and search query: only incidents matching your current filtering criteria will be exported.
    • Matching view: incidents matching the filters from the active view will be exported. If you have unsaved modifications in the view, they will not apply.
    • No filters: all incidents will be exported, regardless of the view or filters applied.
  • Separator: customize the separator of the report.
    • comma-separated
    • tab-separated

Note that it is also possible to export incidents that have been manually selected. Select your incidents and hit Download from the bulk actions bar.

Export format

The CSV export follows the format shown in the examples below.

For Individual secrets incidents report:

| incident_id | created_at | secret_hash | detector_name | matches | occurrences_count | assignees | resolved_at | ignored_at | gitguardian_url | severity | validity | status | ignore_reason | secret_revoked | tags |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 186644 | 2020-11-17 08:19:48.374388+00:00 | CKRCZ36VU1JgnPTN2oWtW5Rn2fE7p/d9G+XQveEXlSg0d+Vjq3vgT7VWMTb6ax/h | Slack User Token | {"apikey": "xoxp-6378355290-4543728424-36021270421-7714dc2119e296b6e8be1cb6cde31ef5"} | 2 | | | | https://dashboard.gitguardian.com/workspace/8/incidents/186644 | Critical | valid | TRIGGERED | | | |
| 49568 | 2020-03-25 13:26:11.134688+00:00 | kFXL5aDL5Pvf3odFhfS1Sfxxguqg7/tFOLgmM94+EPnMHwNGLCAWyy4SR5jhsuGk | AWS Keys | {"client_id": "AROAK1XZAJSZHCUDQSHT", "client_secret": "cH1SL1LFzSwWoJV5wDtn8rcTSNiieufBOe58b6Lu"} | 4 | john.doe@company.com | 2020-11-03 14:48:41.634750+00:00 | | https://dashboard.gitguardian.com/workspace/8/incidents/49568 | Medium | invalid | RESOLVED | | TRUE | SENSITIVE_FILE |
| ... | ... | ... | ... | ... | ... | ... | ... | ... | ... | ... | ... | ... | ... | ... | ... |

  • incident_id: id of the GitGuardian incident
  • created_at: date of the incident
  • secret_hash: hash of the actual secret matches. It is unique per secret.
  • detector_name: type of the secret detected by GitGuardian secrets detection engine
  • matches: the actual secret. Sometimes it can be composed of several components that GitGuardian calls matches (e.g. client_id, client_secret), which is why it is in JSON format. Empty if you select the Hide secrets option.
  • occurrences_count: count of occurrences of the secret incident
  • assignees: email of the incident assignee, who is a member of the GitGuardian workspace
  • resolved_at: timestamp of incident resolution date. If not empty, it means that the status of the incident is resolved
  • ignored_at: timestamp of incident ignore date. If not empty, it means that the status of the incident is ignored
  • gitguardian_url: link to the incident page on your GitGuardian workspace
  • severity: severity level for the incident
  • validity: validity of the secret (valid, invalid, no_checker, failed_to_check, unknown)
  • status: status of the incident (TRIGGERED, ASSIGNED, RESOLVED, IGNORED)
  • ignore_reason: declarative ignore reason by the person who ignored the incident (test_credential, false_positive, low_risk)
  • secret_revoked: declarative information indicating whether or not the secret is revoked by the person who resolved the incident (True or False)
  • tags: tags of the incident (DEFAULT_BRANCH, FROM_HISTORICAL_SCAN, IGNORED_IN_CHECK_RUN, CHECK_RUN_SKIP_FALSE_POSITIVE, PUBLIC, PUBLICLY_EXPOSED, PUBLICLY_LEAKED, REGRESSION, SENSITIVE_FILE, TEST_FILE)

For All occurrences report:

| created_at | secret_hash | detector_name | matches | source_url | source_name | commit_url | commit_sha | commit_author | author_email | filepath | incident_id | gitguardian_url | validity | presence | occurrence_id | tags | element_url | author_name |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2020-11-17 10:19:41.495062+00:00 | CKRCZ36VU1JgnPTN2oWtW5Rn2fE7p/d9G+XQveEXlSg0d+Vjq3vgT7VWMTb6ax/h | Slack User Token | {"apikey": "xoxp-6378355290-4543728424-36021270421-7714dc2119e296b6e8be1cb6cde31ef5"} | https://github.com/my-org/my-repos | my-org/my-repos | https://github.com/my-org/my-repos/commit/722682f316a934129996eccc4286d56a33812212#diff-568470d013cd12e4f388206520da39ab9a4e4c3c6b95846cbc281abc1ba3c959L3 | 722682f316a934129996eccc4286d56a33812212 | Lucius Fox | lucius-fox-gg@protonmail.com | app.py | 186644 | https://dashboard.gitguardian.com/workspace/8/incidents/186644 | valid | present | 4367688 | PUBLICLY_EXPOSED | https://github.com/my-org/my-repos/commits/commit-leaked | John Doe |
| ... | ... | ... | ... | ... | ... | ... | ... | ... | ... | ... | ... | ... | ... | ... | ... | ... | ... | ... |

  • created_at: date of the occurrence
  • secret_hash: hash of the actual secret matches. It is unique per secret.
  • detector_name: type of the secret detected by GitGuardian secrets detection engine
  • matches: the actual secret. Sometimes it can be composed of several components that GitGuardian calls matches (e.g. client_id, client_secret), which is why it is in JSON format. Empty if you select the Hide secrets option.
  • source_url: VCS link of the source
  • source_name: name of the source
  • commit_url: VCS link of the commit (deprecated, please use element_url instead)
  • commit_sha: sha of the commit
  • commit_author: git name of the commit author (deprecated, please use author_name instead)
  • author_email: email of the occurrence element author
  • filepath: filepath containing the occurrence
  • incident_id: id of the GitGuardian incident the occurrence belongs to
  • gitguardian_url: link of the incident page on your GitGuardian workspace
  • validity: validity of the secret (valid, invalid, no_checker, failed_to_check, unknown)
  • presence: presence in git history of the occurrence (present, removed)
  • occurrence_id: id of the occurrence
  • tags: tags of the occurrence (DEFAULT_BRANCH, FROM_HISTORICAL_SCAN, IGNORED_IN_CHECK_RUN, PUBLIC, CHECK_RUN_SKIP_FALSE_POSITIVE, PUBLICLY_EXPOSED, PUBLICLY_LEAKED, REGRESSION, SENSITIVE_FILE, TEST_FILE)
  • element_url: link to the occurrence element
  • author_name: name of the occurrence element author
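
Added example (not part of GitGuardian's documentation): cross-referencing the two reports on incident_id to build a remediation worklist of open, valid incidents and the locations where the secret is still present. The sample rows are constructed, use only a subset of the documented columns, and were exported with Hide secrets (empty matches); the function names are hypothetical.

```python
import csv
import io
from collections import defaultdict

# Constructed sample exports (Hide secrets option: "matches" is empty).
INCIDENTS_CSV = """incident_id,detector_name,matches,occurrences_count,severity,validity,status
186644,Slack User Token,,2,Critical,valid,TRIGGERED
49568,AWS Keys,,1,Medium,invalid,RESOLVED
"""
OCCURRENCES_TSV = (
    "incident_id\toccurrence_id\tsource_name\tfilepath\tpresence\tmatches\n"
    "186644\t4367688\tmy-org/my-repos\tapp.py\tpresent\t\n"
    "186644\t4367689\tmy-org/my-repos\tconfig/old.py\tremoved\t\n"
    "49568\t4367690\tmy-org/infra\tdeploy.sh\tpresent\t\n"
)

def read_report(text):
    """Parse an export, detecting the comma or tab separator from the header."""
    header = text.splitlines()[0]
    delimiter = "\t" if "\t" in header else ","
    return list(csv.DictReader(io.StringIO(text), delimiter=delimiter))

def remediation_worklist(incidents_text, occurrences_text):
    """Join both reports on incident_id; keep open, valid incidents and
    list only the occurrences still present in git history."""
    locations = defaultdict(list)
    for occ in read_report(occurrences_text):
        if occ["presence"] == "present":
            locations[occ["incident_id"]].append(
                f'{occ["source_name"]}:{occ["filepath"]}')
    worklist = []
    for inc in read_report(incidents_text):
        # Skip secrets that are not valid and incidents already closed.
        if inc["validity"] != "valid" or inc["status"] in ("RESOLVED", "IGNORED"):
            continue
        worklist.append({
            "incident_id": inc["incident_id"],
            "detector_name": inc["detector_name"],
            "severity": inc["severity"],
            "present_in": locations.get(inc["incident_id"], []),
        })
    return worklist

if __name__ == "__main__":
    for item in remediation_worklist(INCIDENTS_CSV, OCCURRENCES_TSV):
        print(item)
```

The worklist carries only identifiers and locations, so it can be shared with repository owners without copying the secret itself.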