
Snyk AppRisk Pro - Secrets detection coverage with GitGuardian

Product training

Introduction to Secrets Detection with GitGuardian

Snyk AppRisk integrates with GitGuardian to discover which repositories GitGuardian monitors, validate secrets detection coverage, and drive coverage policies. Once integrated, coverage can be viewed via:

  • Application Analytics
  • Inventory
    • Inventory main screen
    • Asset details - clickable into a filtered view in GitGuardian!
    • Inventory filters
  • Used as a data point for policies to trigger Slack, email, or Jira workflows
  • Policies to define coverage gaps.

Requirements

  • Snyk AppRisk Pro customer
  • GitGuardian
    • API Key
    • Repositories configured for monitoring
INFO

Snyk AppRisk Essentials - Baseline course for Snyk AppRisk Pro content

Snyk AppRisk Pro's courseware is meant to be consumed after first reviewing the Snyk AppRisk Essentials course. If you are not familiar with inventory, filtering, or policies, please check out https://learn.snyk.io/lesson/snyk-apprisk-essentials/

Configuring GitGuardian Integration

Video - 4m11s

Using GitGuardian data within Snyk AppRisk

Video - 5m


Common usage patterns

Policies

Create a coverage policy.

  • If you use multiple secrets detection tools, write the match conditions according to whether the tools overlap or are exclusive to each code repository (for example, one tool per source code management system).
  • Additionally, consider a policy that uses the Jira or Slack action to trigger a notification when a coverage gap is found, so that the repository gets configured or reviewed.

Example 1 - Exclusively using GitGuardian

If you are only using GitGuardian for secrets detection, do not scope the policy to a specific repository or source, so that any new repositories are automatically factored into your coverage gap.

Match 1

  • Asset type = repository

Coverage policy action set to GitGuardian

Example 2 - Using different secrets detection tools per source code management system

Match 1:

  • Asset type = repository
  • Attribute contains github.com

Coverage policy action set to GitGuardian

Match 2:

  • Asset type = repository
  • Attribute contains dev.azure (as an example)

Coverage policy action set to other secrets detection tool

Inventory

Filter the inventory on Coverage does not contain GitGuardian to see which repositories are missing coverage, then export the result to a spreadsheet.
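To make the two policy examples above and this inventory filter concrete, here is an added Python example written for this page; it is not Snyk AppRisk's own code or API. The asset fields, the policy class, the sample inventory, and "TruffleHog" standing in for the unnamed second secrets detection tool are all assumptions for illustration. It also goes one step beyond the text by listing repositories that no scoped policy matches at all, which is the reason Example 1 leaves its policy unscoped.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample inventory. The field names are a hypothetical data shape
# for this example, not Snyk AppRisk's API. "coverage" lists the secrets
# detection tools reporting coverage for each asset; "TruffleHog" stands in
# for the unnamed "other secrets detection tool" from Example 2.
INVENTORY: List[Dict] = [
    {"name": "payments-api",   "type": "repository", "url": "https://github.com/acme/payments-api", "coverage": ["GitGuardian", "Snyk Code"]},
    {"name": "web-frontend",   "type": "repository", "url": "https://github.com/acme/web-frontend", "coverage": ["Snyk Code"]},
    {"name": "legacy-billing", "type": "repository", "url": "https://dev.azure.com/acme/billing",   "coverage": ["TruffleHog"]},
    {"name": "infra-scripts",  "type": "repository", "url": "https://dev.azure.com/acme/infra",     "coverage": []},
    # A repository on an SCM host that no per-host policy in Example 2 mentions.
    {"name": "mobile-app",     "type": "repository", "url": "https://gitlab.com/acme/mobile-app",   "coverage": []},
    # A non-repository asset; "Asset type = repository" must exclude it.
    {"name": "prod-cluster",   "type": "container",  "url": "",                                    "coverage": []},
]


@dataclass
class CoveragePolicy:
    """One coverage policy: a match condition plus the tool expected to cover it."""
    name: str
    required_tool: str
    asset_type: str = "repository"
    attribute_contains: Optional[str] = None  # None = unscoped, as in Example 1

    def matches(self, asset: Dict) -> bool:
        if asset["type"] != self.asset_type:
            return False
        if self.attribute_contains is None:
            return True
        return self.attribute_contains in asset["url"]

    def gaps(self, inventory: List[Dict]) -> List[str]:
        """Matched assets that lack the required tool: the policy's coverage gaps."""
        return [a["name"] for a in inventory
                if self.matches(a) and self.required_tool not in a["coverage"]]


# Example 1: a single unscoped policy, so every repository is evaluated.
EXAMPLE_1 = [CoveragePolicy("Any repository -> GitGuardian", "GitGuardian")]

# Example 2: one policy per source code management system.
EXAMPLE_2 = [
    CoveragePolicy("GitHub -> GitGuardian", "GitGuardian", attribute_contains="github.com"),
    CoveragePolicy("Azure DevOps -> TruffleHog", "TruffleHog", attribute_contains="dev.azure"),
]


def evaluate(policies: List[CoveragePolicy], inventory: List[Dict]) -> Dict[str, List[str]]:
    """Coverage gaps per policy, keyed by policy name."""
    return {p.name: p.gaps(inventory) for p in policies}


def unmatched_repositories(policies: List[CoveragePolicy], inventory: List[Dict]) -> List[str]:
    """Repositories that no policy matches at all. With scoped policies these are
    silent blind spots: they never appear as a gap, so review this list as well."""
    return [a["name"] for a in inventory
            if a["type"] == "repository" and not any(p.matches(a) for p in policies)]


def not_covered_by(inventory: List[Dict], tool: str) -> List[str]:
    """The Inventory filter 'Coverage does not contain <tool>' over repositories."""
    return [a["name"] for a in inventory
            if a["type"] == "repository" and tool not in a["coverage"]]


if __name__ == "__main__":
    for label, policies in (("Example 1", EXAMPLE_1), ("Example 2", EXAMPLE_2)):
        print(label, "gaps:", evaluate(policies, INVENTORY))
        print(label, "unmatched:", unmatched_repositories(policies, INVENTORY))
    print("Inventory filter (no GitGuardian):", not_covered_by(INVENTORY, "GitGuardian"))
```

Running it, Example 2 reports gaps for web-frontend and infra-scripts but never mentions mobile-app, because no policy is scoped to gitlab.com; only the unmatched list exposes it. The unscoped Example 1 policy flags it directly, which is the behaviour the guidance "don't scope it to a specific repository" is after. The inventory filter returns the same set as Example 1, which is a useful cross-check between the policy view and the exported spreadsheet.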

Application Analytics

Review the coverage to understand the severity of the potential coverage issues.