TRG 8.03 - GitGuardian
Status | Created | Post-History |
---|---|---|
Active | 26-Mar-2024 | Initial release |
Draft | 04-Mar-2024 | Draft release |
Why
GitGuardian excels at detecting and preventing leaks of sensitive data in your code repositories, such as API keys, passwords, and other secrets. This can help you avoid security breaches and comply with data privacy regulations.
Description
GitGuardian is integrated via its GitHub App, enabling automated secret scanning of our repositories. Each pull request undergoes a scan. If a potential secret is detected, the commit's author receives an immediate email notification.
If a secret is suspected, the pull request will be locked. Immediate action is required regarding the potential secret due to the high risk associated with exposing secrets.
Address all findings.
The email contains a temporary link, allowing the author to either report the detected secret or mark it as a false positive, streamlining the review process for software engineers.