GitGuardian
GitGuardian is a secrets detection platform that integrates with your development workflow to detect and remediate leaked secrets across code repositories. You can bring code repository, secret incident, and incident definition data from GitGuardian into Brinqa to gain a unified view of your attack surface, thus strengthening your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with GitGuardian and how to obtain that information from GitGuardian. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select GitGuardian from the Connector dropdown. If you cannot find the connector in the dropdown, make sure that you have installed it first. You must provide the following information to authenticate GitGuardian with Brinqa:
-
API URL: The GitGuardian API URL. The default URL is
https://api.gitguardian.com. -
API key: The API key associated with your GitGuardian account.
Generate GitGuardian API keys
For the GitGuardian connector to access the GitGuardian API, you must provide an API key. GitGuardian supports two types of API keys: service accounts and personal access tokens. To use the connector, you need to create a personal access token. To do so, follow these steps:
-
Log in to your GitGuardian workspace.
-
Navigate to API > Personal access tokens and click Create token.
-
Name your token and optionally set an expiry date.
-
Under Scope, select the permissions required for the connector to read incidents, sources, and detectors.
-
Click Create token and copy the generated API key. Store it in a secure location, as it cannot be viewed again.
If you do not have the permissions to create API keys, contact your GitGuardian administrator. For additional information, see GitGuardian documentation.
Additional settings
The GitGuardian connector contains additional options for specific configuration:
- Page size: The maximum number of records to get per API request. The default setting is 100. It is not recommended to go over 100.
- Maximum retries: The maximum number of times that the integration attempts to connect to the GitGuardian API before giving up and reporting a failure. The default setting is 10.
Types of data to retrieve
The GitGuardian connector can retrieve the following types of data from the GitGuardian API:
Table 1: Data retrieved from GitGuardian
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Secret Incident | Yes | Incident |
| Secret Incident Definition | No | Incident Definition |
| Source | No | Code Repository |
The GitGuardian connector does not currently support operation options for the types of data it retrieves.
For detailed steps on how to view the data retrieved from GitGuardian in the Brinqa Platform, see How to view your data.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes.
Secret Incident
Table 2: Secret Incident attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
| CustomTagResource.key | CUSTOM_TAG_KEYS |
| CustomTagResource.value | CUSTOM_TAG_VALUES |
| DestinationTicketResource.id | DESTINATION_TICKET_IDS |
| DestinationTicketResource.link | DESTINATION_TICKET_LINKS |
| DestinationTicketResource.type | DESTINATION_TICKET_TYPES |
| FeedbackResource.email | FEEDBACK_EMAILS |
| IncidentResource.assigneeEmail | ASSIGNEE_EMAIL |
| IncidentResource.assigneeId | ASSIGNEE_ID |
| IncidentResource.date | SOURCE_CREATED_DATE |
| IncidentResource.detector.detectorGroupName | TYPE |
| IncidentResource.gitguardianUrl | GITGUARDIAN_URL |
| IncidentResource.gitguardianUrl | URL |
| IncidentResource.hmslHash | HMSL_HASH |
| IncidentResource.id | INCIDENT_ID |
| IncidentResource.ignoreReason | IGNORE_REASON |
| IncidentResource.ignoredAt | IGNORED_AT |
| IncidentResource.ignorerApiTokenId | IGNORER_API_TOKEN_ID |
| IncidentResource.ignorerId | IGNORER_ID |
| IncidentResource.incidentName | INCIDENT_NAME |
| IncidentResource.isVaulted | IS_VAULTED |
| IncidentResource.occurrencesCount | OCCURRENCES_COUNT |
| IncidentResource.regression | REGRESSION |
| IncidentResource.resolvedAt | LAST_FIXED |
| IncidentResource.resolvedAt | RESOLVED_AT |
| IncidentResource.resolverApiTokenId | RESOLVER_API_TOKEN_ID |
| IncidentResource.resolverId | RESOLVER_ID |
| IncidentResource.secretHash | SECRET_HASH |
| IncidentResource.secretId | SECRET_ID |
| IncidentResource.secretRevoked | SECRET_REVOKED |
| IncidentResource.shareUrl | SHARE_URL |
| IncidentResource.status | PROVIDER_STATUS |
| IncidentResource.status | SOURCE_STATUS |
| IncidentResource.status | STATUS |
| IncidentResource.status | STATUS_CATEGORY |
| IncidentResource.tags | TAGS |
| IncidentResource.triggeredAt | FIRST_FOUND |
| IncidentResource.triggeredAt | TRIGGERED_AT |
| IncidentResource.validity | VALIDITY |
| MatchResource.name | MATCH_NAMES |
| OccurrenceResource.authorInfo | AUTHOR_INFO |
| OccurrenceResource.authorName | AUTHOR_NAME |
| OccurrenceResource.changeType | CHANGE_TYPE |
| OccurrenceResource.filepath | FILEPATH |
| OccurrenceResource.id | UID |
| OccurrenceResource.kind | KIND |
| OccurrenceResource.presence | PRESENCE |
| OccurrenceResource.sha | SHA |
| OccurrenceResource.source.fullName | SOURCE_NAME |
| OccurrenceResource.source.fullName | TARGETS |
| OccurrenceResource.url | OCCURRENCE_URL |
| PublicExposureResource.leakedOutsidePerimeter | LEAKED_OUTSIDE_PERIMETER |
| PublicExposureResource.publicIncidentLinked | PUBLIC_INCIDENT_LINKED |
| PublicExposureResource.sourcePubliclyVisible | SOURCE_PUBLICLY_VISIBLE |
| SecretPresenceResource.filesFixed | FILES_FIXED |
| SecretPresenceResource.filesPendingMerge | FILES_PENDING_MERGE |
| SecretPresenceResource.filesRequiringCodeFix | FILES_REQUIRING_CODE_FIX |
| SecretPresenceResource.inVcs | IN_VCS |
| SecretPresenceResource.outsideVcs | OUTSIDE_VCS |
| SecretPresenceResource.removedInVcs | REMOVED_IN_VCS |
| SecretPresenceResource.removedOutsideVcs | REMOVED_OUTSIDE_VCS |
Secret Incident Definition
Table 3: Secret Incident Definition attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
| DetectorResource.detectorGroupDisplayName | DETECTOR_GROUP_DISPLAY_NAME |
| DetectorResource.detectorGroupName | DETECTOR_GROUP_NAME |
| DetectorResource.family | DETECTOR_FAMILY |
| DetectorResource.nature | DETECTOR_NATURE |
| IncidentResource.severity | SEVERITY |
| IncidentResource.severity | SEVERITY_SCORE |
| IncidentResource.severity | SOURCE_SEVERITY |
| IncidentResource.tags | TAGS |
| SecretDetectorResource.category | CATEGORIES |
| SecretDetectorResource.checkable | CHECKABLE |
| SecretDetectorResource.displayName | DESCRIPTION |
| SecretDetectorResource.displayName | DETECTOR_DISPLAY_NAME |
| SecretDetectorResource.displayName | NAME |
| SecretDetectorResource.frequency | FREQUENCY |
| SecretDetectorResource.ignoredIncidentsCount | IGNORED_INCIDENTS_COUNT |
| SecretDetectorResource.isActive | IS_ACTIVE |
| SecretDetectorResource.isRecommendedForBusiness | IS_RECOMMENDED_FOR_BUSINESS |
| SecretDetectorResource.name | DETECTOR_NAME |
| SecretDetectorResource.name | UID |
| SecretDetectorResource.openIncidentsCount | OPEN_INCIDENTS_COUNT |
| SecretDetectorResource.removedAt | REMOVED_AT |
| SecretDetectorResource.resolvedIncidentsCount | RESOLVED_INCIDENTS_COUNT |
| SecretDetectorResource.scansCodeOnly | SCANS_CODE_ONLY |
| SecretDetectorResource.type | DETECTOR_TYPE |
Source
Table 4: Source attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
| Always "Code Repository" | CATEGORIES |
| Always "active" | STATUS |
| LastScanResource.branchesScanned | LAST_SCAN_BRANCHES_SCANNED |
| LastScanResource.commitsScanned | LAST_SCAN_COMMITS_SCANNED |
| LastScanResource.date | LAST_SCAN_DATE |
| LastScanResource.duration | LAST_SCAN_DURATION |
| LastScanResource.failingReason | LAST_SCAN_FAILING_REASON |
| LastScanResource.progress | LAST_SCAN_PROGRESS |
| LastScanResource.status | LAST_SCAN_STATUS |
| SourceResource.closedIncidentsCount | CLOSED_INCIDENTS_COUNT |
| SourceResource.defaultBranch | DEFAULT_BRANCH |
| SourceResource.defaultBranchHead | DEFAULT_BRANCH_HEAD |
| SourceResource.deleted | DELETED |
| SourceResource.externalId | EXTERNAL_ID |
| SourceResource.fullName | NAME |
| SourceResource.health | HEALTH |
| SourceResource.id | UID |
| SourceResource.monitored | MONITORED |
| SourceResource.openIncidentsCount | OPEN_INCIDENTS_COUNT |
| SourceResource.sourceCriticality | SOURCE_CRITICALITY |
| SourceResource.type | SOURCE_TYPE |
| SourceResource.url | URL |
| SourceResource.visibility | VISIBILITY |
APIs
The GitGuardian connector uses the GitGuardian REST API (v1). Specifically, it uses the following endpoints:
Table 5: GitGuardian API endpoints
| Connector Object | API Endpoint |
|---|---|
| Secret Incident | GET /v1/incidents/secrets |
GET /v1/occurrences/secrets | |
| Secret Incident Definition | GET /v1/secret_detectors |
GET /v1/incidents/secrets | |
| Source | GET /v1/sources |
Changelog
The GitGuardian connector has undergone the following changes:
Table 6: GitGuardian connector changelog
| Version | Description | Date Published |
|---|---|---|
| 3.0.0 | Initial Integration+ release. | March 10th, 2026 |