• Browse topics
Sign up



For Snyk Enterprise customers with regional contracts. More info

Sign up

Snyk AppRisk Pro - Secrets detection coverage with GitGuardian

Product training

Introduction to Secrets Detection with GitGuardian

Snyk AppRisk integrates into GitGuardian for discovery and coverage validation, as well as coverage policies. Once integrated, coverage can be viewed via

  • Application Analytics
  • Inventory
    • Inventory main screen
    • Asset details - clickable into a filtered view in GitGuardian!
    • Inventory filters
  • Used as a data point for policies to trigger Slack, email, or Jira workflows
  • Policies to define coverage gaps.


  • Snyk AppRisk Pro customer
  • GitGuardian
    • API Key
    • Repositories configured for monitoring

Snyk AppRisk Essentials - Baseline course for Snyk AppRisk Pro content

Snyk AppRisk Pro's courseware is meant to be consumed after first reviewing Snyk AppRisk Essentials Course. If you are not familiar with inventory, filtering, policies, please check out https://learn.snyk.io/lesson/snyk-apprisk-essentials/

Configuring GitGuardian Integration

Video - 4m11s

Using GitGuardian data within Snyk AppRisk

Video - 5m

Scan your code & stay secure with Snyk - for FREE!

Did you know you can use Snyk for free to verify that your code
doesn't include this or other vulnerabilities?

Scan your code

Common usage patterns


Create a coverage policy.

  • If you use multiple secret detection tools, the match conditions will be determined by whether they overlap or are exclusive to each code repository.
  • Additionally consider a policy to use the new Jira or Slack option to trigger a notification to have this configured/reviewed

Example 1 - Exclusively using GitGuardian

If you are only using GitGuardian for secrets detection, don't scope it to a specific repository so any new repositories are factored into your coverage gap

Match 1

  • Asset type = repository

Coverage policy action set to GitGuardian

Example 2 - Using different secrets dectection tools per source code management system

Match 1:

  • Asset type = repository
  • Attribute contains github.com

Coverage policy action set to GitGuardian

Match 2:

  • Asset type = repository
  • Attribute contains dev.azure (as an example)

Coverage policy action set to other secrets detection tool


Filter on Coverage where does not contain GitGuardian to understand where the coverage is missing and export to spreadsheet.

Application Analytics

Review the coverage to understand the severity of the potential coverage issues.