Enhance reporting with metrics #421
Comments
Hi @Gby56, just to make sure I understand. What you are asking is something like this:
Is that correct? (I personally would be a bit worried about what could be done with this information)
Hey! Yes, pretty much, without the actual secret values of course, just the type of secret I'd say, potentially the repo name and file path, including the username of course. It would definitely help us show that we're pushing things left the right way, shifting left
Is your feature request related to a problem? Please describe.
Even if ggshield is properly deployed on developer machines etc., we don't get much insight or metrics about "how much is caught", which could tell us a bit more about bad habits, even though they don't leak.
Describe the solution you'd like
ggshield is authenticated to the API, so why not ping back the type of secret and the author?
Describe alternatives you've considered
There is a PR ready to merge in DefectDojo, which makes me think I could modify the pre-commit hook and report to DefectDojo if something is found, instead of using a GitGuardian API.
Additional context
I have discussed that with you in your offices :)