Discover how many secrets your developers have leaked on public GitHub, both company-related and personal.
š® YOU HAVE {{ triesLeft }} OF {{ triesTotal }} SCANS LEFT TODAY.
You've taken the first step towards a healthier GitHub security posture.
Active developers in perimeter
Number of developers who used an email address from your domain (e.g., random_user@{{derivedDomainName}}) to commit on GitHub. This also includes developers from your parent company and any existing subsidiaries. If that's the case, we encourage you to request a detailed audit, and we can adjust it to focus only on the domains you specify.
Commits scanned
secrets leaked
valid secrets
To provide you with high-precision alerts, GitGuardian tries to verify the validity of secrets through non-intrusive API calls made to the host, if and when possible. If a secret is labeled "valid," it means it can still be exploited and should be revoked and rotated. More info
Your GitHub attack surface posture is good but could use some enhancements.
After a comprehensive analysis, GitGuardian gave {{derivedDomainName}} a score of {{ score }}. Even if your company ranks below the 25th percentile compared to similar-sized companies, we found hardcoded secrets within your scope that require attention.
Active developers in perimeter
Number of developers who used an email address from your domain (e.g., random_user@{{derivedDomainName}}) to commit on GitHub. This also includes developers from your parent company and any existing subsidiaries. If that's the case, we encourage you to request a detailed audit, and we can adjust it to focus only on the domains you specify.
Commits scanned
secrets leaked
valid secrets
To provide you with high-precision alerts, GitGuardian tries to verify the validity of secrets through non-intrusive API calls made to the host, if and when possible. If a secret is labeled "valid," it means it can still be exploited and should be revoked and rotated. More info
You've taken the first step towards a healthier GitHub security posture.
After a comprehensive analysis, GitGuardian gave {{ derivedDomainName }} a score of {{ score }}. You're in the 25th to 50th percentile among companies of similar size in our study. We found a significant amount of hardcoded secrets within your scope that require attention.
Active developers in perimeter
Number of developers who used an email address from your domain (e.g., random_user@{{derivedDomainName}}) to commit on GitHub. This also includes developers from your parent company and any existing subsidiaries. If that's the case, we encourage you to request a detailed audit, and we can adjust it to focus only on the domains you specify.
Commits scanned
secrets leaked
valid secrets
To provide you with high-precision alerts, GitGuardian tries to verify the validity of secrets through non-intrusive API calls made to the host, if and when possible. If a secret is labeled "valid," it means it can still be exploited and should be revoked and rotated. More info
Your GitHub attack surface posture needs considerable attention and improvements.
Active developers in perimeter
Number of developers who used an email address from your domain (e.g., random_user@{{derivedDomainName}}) to commit on GitHub. This also includes developers from your parent company and any existing subsidiaries. If that's the case, we encourage you to request a detailed audit, and we can adjust it to focus only on the domains you specify.
Commits scanned
secrets leaked
valid secrets
To provide you with high-precision alerts, GitGuardian tries to verify the validity of secrets through non-intrusive API calls made to the host, if and when possible. If a secret is labeled "valid," it means it can still be exploited and should be revoked and rotated. More info
Your GitHub attack surface posture is at risk and needs urgent attention.
Active developers in perimeter
Number of developers who used an email address from your domain (e.g., random_user@{{derivedDomainName}}) to commit on GitHub. This also includes developers from your parent company and any existing subsidiaries. If that's the case, we encourage you to request a detailed audit, and we can adjust it to focus only on the domains you specify.
Commits scanned
secrets leaked
valid secrets
To provide you with high-precision alerts, GitGuardian tries to verify the validity of secrets through non-intrusive API calls made to the host, if and when possible. If a secret is labeled "valid," it means it can still be exploited and should be revoked and rotated. More info
Public GitHub Attack Surface Score
From A to E the public GitHub attack surface score measures the overall state of your domain regarding secrets sprawl.
Commits scanned
All activity on GitHub is linked to a commit email. We can tie such commit emails to GitHub accounts, and hence monitor that accountŹ¼s activity.
Active developers in your perimeter
Developers who mentioned your company name on their GitHub profile, or use their company email address when pushing code publicly on GitHub.
Secrets leaked publicly on GitHub
Secrets are digital authentication credentials granting access to systems or data. These are most commonly API keys or usernames and passwords.
Valid secrets publicly available on GitHub
Secrets that can still be exploited by persons with malicious intent.
Secrets breakdown by category
Percentage of secrets leaks for each category (eg. Private key, Version control platform, Cloud provider, Messaging system, Data storage, etc.).
Direct mentions of your company in commits
Commits that mention your company domain in the committed code.
Developers involved in at least one secret leak
Developers from your perimeter who have leaked at least one secret.
Secrets contained in a sensitive file
Secrets that were published inside a file that is sensitive in itself, such as a configuration file.
Public events
A Public Event occurs when a private repository is made public. Such an event is sensitive as it discloses the entire history of a repository, where sensitive data could be found.
Secrets erased from GitHub
Secrets that can no longer be found on GitHub, but have been leaked and can be found in GitHub archives.
Our secrets detection engine has been running in production since 2017, analyzing billions of commits coming from GitHub. The algorithms and detectors constantly train against a dataset of %dscb% billions commits. The latest State of Secrets Sprawl 2024 reveals 12.8 million new secrets occurrences were exposed on GitHub in 2023. And we are able to tell you how many leaks are tied to your company by first identifying your developers active on GitHub.
Even if your organization doesn't engage in open source, your developers or subcontractors may inadvertently leak sensitive information on their personal GitHub repositories. This includes corporate secrets or source code, posing a significant risk.
The audit generates a score ranging from A to E. This score factors in the volume of hardcoded secrets detected, the number of leakers (developers who have leaked at least one secret), and the number of developers within your scope over the past three years. Companies are grouped by their number of developers, allowing for a fair comparison.
Yes, we came up with this term after a surprising (though not entirely unexpected) discovery: when repository owners find a sensitive leak, they often respond by either deleting the repository or making it private, thinking this will cut off public access to the sensitive information.
The problem is, this approach can create a major security risk for them or their organization: it can lead to what we call a "zombie leak".
Yes, after we send you the detailed audit directly to your inbox (no sales call necessary), our team can provide examples of critical secrets tied to your organization.