Security engineers, are you tired of switching between multiple security tools to find and fix all sorts of vulnerabilities in your codebase? Kondukto and GitGuardian joined hands to provide you with an integration between both platforms, bringing together their knowledge in AppSec orchestration and automated secrets detection.
"GitGuardian is an excellent solution to detect secrets in your repositories. With Kondukto's integration, you can make it a part of your application security operations within a few minutes; create JIRA tickets to code committer or break the build if it doesn't match your security criteria."
Suphi Cankurt, Kondukto
GitGuardian's detection engine already helps organizations find and remediate hardcoded secrets at every step of the software development lifecycle. With the new integration, security engineers can view incidents detected by GitGuardian in their Kondukto Application Security Orchestration & Correlation (ASOC) dashboard alongside vulnerabilities detected by SAST, DAST, SCA, and other security scanners. This means security engineers can now easily access all the information they need in one place to take action and address issues quickly. No more juggling between 4 or 5 dashboards or tools!
Static and dynamic application security testing are cornerstones of any comprehensive AppSec program. Yet they rarely rise to the challenge of fully securing modern software. Read on to learn why secrets are one of their critical blind spots.
Why you should connect GitGuardian and Kondukto
Centralizing GitGuardian's alerts in the Kondukto dashboard gives you a comprehensive view of your application security posture, enabling you to take a more holistic approach to de-risk your organization's software development lifecycle. Plus, the Kondukto open-source CLI, KDT, makes integrating and orchestrating security tests into your DevOps pipelines easy, streamlining your security without sacrificing speed or productivity.
With GitGuardian's engine continuously monitoring your code repositories, DevOps tools, and infrastructure-as-code configurations, you can be sure that no hardcoded secrets are slipping through the cracks. And when an incident occurs, Kondukto's ability to retrieve the alert and all corresponding metadata ensures a centralized, fast, and efficient resolution process.
Get started with GitGuardian and Kondukto
All it takes to get started is an API token issued by GitGuardian, for Kondukto to retrieve incident metadata and centralize it in the Application Security Orchestration and Correlation (ASOC) dashboard. With this integration, security teams can effortlessly scale their AppSec program and enhance their security posture without disturbing existing development processes.
Step 1 – Sign up for a GitGuardian account
Throughout this guide, we'll assume you already have a Kondukto workspace. If you don't, please get in touch with the Kondukto team to start your free trial.
Getting started with GitGuardian is easy. Signing up via your GitHub account is recommended, but you can also fill out the signup form with an email address and password. Visit https://dashboard.gitguardian.com/auth/signup to sign up.
Step 2 – Add your code repositories
Add at least one Version Control System (VCS) integration to detect hardcoded secrets. GitGuardian integrates with GitHub, GitHub Enterprise, GitLab, Azure Repos, and Bitbucket (server/data center).
Follow our documentation if you need help integrating your repos.
Once you have added your first repositories to your monitored perimeter, GitGuardian will run a first scan to unearth the secrets hiding in the commit history. From there on, it will continuously monitor new commits for secrets.
Step 3 – Generate an API key from GitGuardian
The integration requires the use of a read-only API token issued by GitGuardian.
- If you are on the GitGuardian Business plan, we recommend creating a dedicated service account for this integration.
- Otherwise, if you are on the Free plan, create a Personal Access Token (PAT).
Step 4 – Connect GitGuardian and Kondukto
Once you have your GitGuardian API token, you can connect both platforms. Go to the Integrations section in your Kondukto dashboard and look for GitGuardian.