Automated secrets detection enables teams to move one step closer to the secure software development lifecycle (SSDLC). However, without proper alerting, critical secrets-in-code incidents can take longer than expected to be remediated or, even worse, go completely unnoticed.

We are happy to announce that we are now part of the PagerDuty Partner Program’s verified integrations.

At GitGuardian, we take it to heart to fit into our customers’ existing toolbelt and workflows. This integration will enable us to bring the power of automated secrets detection to one of the leading platforms for real-time digital operations, where DevOps and Security Incident Response Analysts operate.

How does GitGuardian work with PagerDuty?

Through this integration, we’re enabling our users to route GitGuardian secrets-in-code incidents in real time to the PagerDuty platform, improving awareness of active incidents for DevOps and Application Security teams.

When detecting a secret in your source code, GitGuardian will raise an incident on its platform. It will also send an event to PagerDuty, triggering an incident inside the configured PagerDuty service.

The integration can be set up to send events from GitGuardian to PagerDuty in one of two ways:

  • On the first occurrence only of an incident (and in case of regression);
  • For every occurrence of an incident.
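The two notification frequencies above, modeled as an added example (not GitGuardian's or PagerDuty's own code). It assumes a hypothetical `Occurrence` record, treats a regression as a new occurrence of an incident that had already been resolved, and builds event bodies in the public PagerDuty Events API v2 shape; nothing is sent over the network.

```python
# Added illustration of the two notification-frequency options.
# Assumptions (not from GitGuardian): the Occurrence fields, the meaning of
# "regression", and the per-incident dedup_key naming.
from dataclasses import dataclass

ROUTING_KEY = "<PAGERDUTY_INTEGRATION_KEY>"  # placeholder; load the real key from a secret store

@dataclass
class Occurrence:                      # hypothetical record of one detection
    incident_id: int
    location: str                      # repo:path@commit
    incident_resolved: bool = False    # incident was resolved before this hit

def build_event(occ, reason):
    """Events API v2 'trigger' body; dedup_key ties alerts to one incident."""
    return {
        "routing_key": ROUTING_KEY,
        "event_action": "trigger",
        "dedup_key": f"gitguardian-incident-{occ.incident_id}",
        "payload": {
            "summary": f"Secret detected ({reason}) in {occ.location}",
            "source": "gitguardian", "severity": "critical",
        },
    }

def route(occurrences, every_occurrence=False):
    """Return the events that would be sent under the chosen frequency."""
    seen, events = set(), []
    for occ in occurrences:
        first = occ.incident_id not in seen
        seen.add(occ.incident_id)
        if first:
            events.append(build_event(occ, "first occurrence"))
        elif occ.incident_resolved:    # reappeared after being resolved
            events.append(build_event(occ, "regression"))
        elif every_occurrence:         # repeat hit on a still-open incident
            events.append(build_event(occ, "new occurrence"))
    return events

# Constructed sample: incident 1 is hit three times, the last after resolution.
SAMPLE = [
    Occurrence(1, "org/api:config.py@a1"),
    Occurrence(1, "org/api:config.py@b2"),
    Occurrence(2, "org/web:.env@c3"),
    Occurrence(1, "org/api:settings.py@d4", incident_resolved=True),
]

if __name__ == "__main__":
    print(len(route(SAMPLE)), len(route(SAMPLE, every_occurrence=True)))
```

On the constructed sample, "first occurrence only" pages three times and "every occurrence" pages four times; the difference grows with each repeated commit of the same secret, which is the alert-volume trade-off behind the frequency setting.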

How-to: Set up the GitGuardian integration with PagerDuty

Prerequisites

PagerDuty integrations require Admin rights on the PagerDuty service you want to receive notifications on (to create the routing integration key needed for the integration by GitGuardian).

If you do not have this role, please reach out to a PagerDuty Admin of your service to configure the integration.

Step-by-step instructions

In PagerDuty

From the Configuration menu, select Services.

There are two ways to add an integration to a service:

  • If you are adding your integration to an existing service: click on the name of the service you want to add the integration to. Then, select the Integrations tab and click the Add an Integration button.
  • If you are creating a new service for your integration: please read the PagerDuty documentation – Configuring Services and Integrations, and follow the steps outlined in the Create a New Service section, selecting GitGuardian as the Integration Type.

Select GitGuardian from the Integration Type menu.

Click the Add Integration button to save your new integration. You will be redirected to the Integrations tab for your service.

An Integration Key will be generated on this screen. Keep this key in a safe place; we will need it to configure the integration with GitGuardian in the next section.

Integration Key generated by PagerDuty

In GitGuardian

  1. Navigate to the PagerDuty section in your dashboard Settings > Integrations;
  2. Provide your newly created integration key;
  3. Choose the notification frequency (we recommend going for the first occurrence only);
  4. Click on Submit.

In addition, you can send a test alert from GitGuardian to the PagerDuty service to verify that the integration is now operational.

Send a test alert from GitGuardian to PagerDuty
View the test alert in PagerDuty

For additional information on the setup, please visit the documentation.

Get your incident alerts delivered wherever you are

By default, GitGuardian notifies dashboard users via email for every incident. This integration extends GitGuardian’s alerting features and allows users to dispatch alerts to their teams through their preferred channels.

For a full overview of GitGuardian’s alerting capabilities, please visit the Notifications section of our documentation.

About PagerDuty

The PagerDuty Operations Cloud is where urgent, unpredictable and unstructured work happens in today’s always-changing, always-on world. Organizations of all sizes trust PagerDuty to handle every type of work across the modern enterprise such as automated incident response, intelligent event and Rundeck automation - for any type of person, technical, executive, back office, or front. PagerDuty empowers developers, DevOps, IT operations, security and business leaders to prevent and resolve business-impacting incidents for exceptional customer experience. With hundreds of native integrations, on-call scheduling & escalations, machine learning, business-wide response orchestration, analytics, and much more, PagerDuty gets the right data in the hands of the right people in real-time, every time.