GitGuardian Internal Repository Monitoring
GitGuardian is designed for hardcoded secrets and sensitive information leaking into git repositories, ensuring real-time monitoring and incident management.
| Category | Secrets Management |
|---|---|
| This page updated | a month ago |
| Pricing Details | Contact for pricing details. |
| Target Audience | Development and security teams looking to secure their code repositories. |
GitGuardian is designed to detect hardcoded secrets and sensitive information leaking into git repositories, a threat that can compromise the entire software development lifecycle. Here’s how it works:
GitGuardian integrates natively with various Version Control Systems (VCS) such as GitHub, GitLab, Bitbucket, and Azure Repos, leveraging server-side integration through GitHub apps or webhooks. This integration allows GitGuardian to "listen" to all events reaching the post-receive hook stage, enabling real-time scanning of commits for secrets like API keys, database credentials, and security certificates.
The architecture involves scanning both incremental changes and the entire git history of the monitored perimeter. Upon detecting a secret, an incident is raised in the dashboard, and users are alerted immediately. This real-time monitoring ensures that any new secrets introduced are identified and addressed promptly.
Operational considerations include configuring the monitored perimeter, defining its scope, and setting up custom monitoring settings for different types of repositories. The platform also supports various notification integrations, such as email, webhooks, Splunk, PagerDuty, Slack, and Jira, to ensure seamless alerting and incident management.
Key technical details include the use of a library of secrets detectors that scan commits, and the ability to perform full historical scans of repositories to detect pre-existing secrets. The Mean-Time-To-Detect (MTTD) for secrets is just a few seconds after exposure, and the platform supports automated workflows and programmatic incident management via its REST API.
However, there are operational limitations to consider, such as the potential for increased latency in very large repositories and the need for careful configuration of alert policies to avoid noise. Additionally, while GitGuardian offers robust features for incident prioritization and developer-driven remediation, effective use requires active engagement from both developers and security teams.