Bring Your Own Source (BYOS) - Scan Any Data Source for Secrets
Welcome to the GitGuardian BYOS Integration Hub! This repository provides ready-to-use examples and integration patterns to help you scan any custom data source for exposed secrets, credentials, and sensitive information using GitGuardian's powerful detection engine.
Bring Your Own Source (BYOS) extends GitGuardian's secret detection capabilities to any data source in your organization, even those without native integrations.
Can't find a native integration for your source? Bring your own!
With BYOS, you can:
- Scan any text-based content from custom applications, legacy systems, or unique workflows
- Leverage 450+ built-in secret detectors (API keys, database credentials, tokens, certificates, and more)
- Get automatic incident creation in your GitGuardian dashboard with severity levels and remediation guidance
- Maintain comprehensive security coverage across your entire infrastructure
- Integrate seamlessly using Python SDK or REST API
This repository includes production-ready integrations for popular platforms:
| Integration | Description | Use Case |
|---|---|---|
| Anthropic Claude | Scan Claude project configurations and system prompts | AI/LLM prompt security |
| Dust | Scan Dust agent instructions and workflows | AI agent security |
| GitHub Gists | Scan public and private GitHub Gists | Code snippet security |
| GitLab Snippets | Scan GitLab code snippets | Code snippet security |
| OpenAI | Scan OpenAI Assistant configurations | AI/LLM assistant security |
Each integration includes:
- Complete source code with best practices
- Setup instructions and configuration examples
- Automatic scanning with change detection
- Direct integration with GitGuardian's incident management

- Exhaustive Coverage: Ensure secret scanning coverage across all data sources
- Centralized Secret Management: All detected secrets flow into a single GitGuardian dashboard
- Incident Response: Automated alerting and remediation workflows
- Easy Integration: Simple Python scripts or REST API calls
- Flexible Deployment: Run on-demand, scheduled, or event-driven
- Extensive Detection: 450+ secret types detected automatically
- Clear Documentation: Well-documented examples to adapt for your needs
- CI/CD Integration: Scan build logs, deployment configs, and infrastructure code
- Automation Friendly: Integrate with existing automation pipelines
- Scalable: Scan thousands of documents efficiently
- Low Maintenance: Minimal infrastructure requirements
First, create a custom source in your GitGuardian dashboard:
- Navigate to Internal Monitoring → Sources
- Click Add Source → Custom Source
- Name your source (e.g., "Confluence Wikis", "Jenkins Logs")
- Copy the Source UUID for later use

Detailed BYOS Setup Guide

Create a service account with scanning permissions:
- Go to Settings → API → Service Accounts
- Create a new service account
- Grant `scan` and `scan:create-incidents` permissions
- Save the generated API key securely
Scan any content directly with ggshield:
```bash
# Install ggshield
pip install ggshield

# Scan a file
ggshield secret scan path /path/to/your/file

# Scan a directory
ggshield secret scan path /path/to/directory --recursive

# Scan with BYOS (creates incidents in dashboard)
ggshield secret scan path /path/to/file --source <SOURCE_UUID>
```
Browse our ready-to-use integrations and customize them:
```bash
# Clone this repository
git clone https://github.com/GitGuardian/gg-byos-lab.git
cd gg-byos-lab

# Choose an integration (e.g., GitHub Gists)
cd github-gist

# Install dependencies
pip install -r requirements.txt

# Configure your credentials
cp env.example .env
# Edit .env with your API keys

# Run the scanner
python scan_github_gists.py
```
Use the Python SDK for custom integrations:
```python
from pygitguardian import GGClient

# Initialize the client (in real use, load the key from an environment
# variable or secret store rather than hardcoding it)
client = GGClient(api_key="your_api_key")

# Prepare your documents
documents = [
    {
        "document": "your content to scan",
        "filename": "source_file.txt"
    }
]

# Scan and create incidents
result = client.scan_and_create_incidents(
    documents=documents,
    source_uuid="your_source_uuid"
)

# Handle results
if result.success:
    print(f"Scan completed: {len(result.scan_result.secrets)} secrets found")
```
Or use the REST API directly:
```bash
curl -X POST https://api.gitguardian.com/v1/scan/create-incidents \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "source_uuid": "YOUR_SOURCE_UUID",
    "documents": [
      {
        "document": "content to scan",
        "filename": "example.txt"
      }
    ]
  }'
```
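The request body above can be assembled with change detection so that unchanged documents are not rescanned on every run. This is an added example, not code from this repository: `changed_documents`, `build_payloads` and the default batch size are hypothetical, and it only builds the request bodies without sending them.

```python
import hashlib
import json


def changed_documents(items, seen):
    """Select documents whose content changed since the last successful scan.

    items: iterable of (filename, text) pulled from the custom source.
    seen:  dict of filename -> SHA-256 hex digest from earlier runs (not modified).
    Returns (documents, pending); merge pending into seen only after the
    scan request succeeds, so a failed upload is retried on the next run.
    """
    documents, pending = [], {}
    for filename, text in items:
        digest = hashlib.sha256(text.encode("utf-8")).hexdigest()
        if seen.get(filename) != digest:
            documents.append({"document": text, "filename": filename})
            pending[filename] = digest
    return documents, pending


def build_payloads(documents, source_uuid, batch_size=20):
    """Split documents into request bodies shaped like the curl example.

    batch_size=20 is an assumption; check the API reference for the real limit.
    """
    return [
        {"source_uuid": source_uuid, "documents": documents[i:i + batch_size]}
        for i in range(0, len(documents), batch_size)
    ]


if __name__ == "__main__":
    # Constructed sample input; the credential-looking value is a placeholder.
    state = {}
    run1 = [("wiki/deploy.md", "db_password = EXAMPLE-NOT-A-REAL-SECRET"),
            ("wiki/intro.md", "Welcome to the wiki")]
    docs, pending = changed_documents(run1, state)
    for body in build_payloads(docs, "YOUR_SOURCE_UUID"):
        print(json.dumps(body, indent=2))  # send with the SDK or curl shown above
    state.update(pending)  # commit hashes only after a successful scan
    run2 = [run1[0], ("wiki/intro.md", "Welcome to the new wiki")]
    docs, _ = changed_documents(run2, state)
    print([d["filename"] for d in docs])
```

The state kept between runs holds only digests, so the scanner never writes a second copy of the scanned content to disk.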
- Scan Claude projects, OpenAI assistants, and custom AI prompts
- Detect secrets in system prompts and training data
- Secure AI agent configurations
- Monitor GitHub Gists and GitLab Snippets
- Scan developer documentation and wikis
- Check code examples and tutorials
- Scan Terraform configurations and Ansible playbooks
- Check Kubernetes manifests and Helm charts
- Audit infrastructure-as-code repositories
- Scan Jenkins, GitHub Actions, or GitLab CI logs
- Check build artifacts and deployment scripts
- Monitor pipeline configurations
- Scan SFTP servers and file shares
- Check mainframe outputs and reports
- Audit database configuration files
We welcome contributions from the community! Whether you're:
- Adding a new integration
- Fixing bugs or improving existing integrations
- Enhancing documentation
- Sharing use cases and best practices

Please read our Contribution Guidelines to get started.
We'd love to see contributions for:
- CI/CD platforms (CircleCI, Travis CI, Azure DevOps)
- File storage (Dropbox, Box, OneDrive)
- Communication platforms (Slack archives, Microsoft Teams)
- Documentation tools (Notion, Confluence, MediaWiki)
- Database configs (PostgreSQL, MySQL, MongoDB)
- Cloud services (AWS CloudFormation, Azure ARM templates)

- Official BYOS Documentation
- Python SDK (py-gitguardian)
- GitGuardian API Reference
- ggshield CLI Documentation
- Community Forum

- Questions? Open an issue or visit our Community Forum
- Enterprise Support: Contact your GitGuardian account team
- Found a bug? Submit a detailed bug report
- Feature request? Share your ideas in discussions

This project is licensed under the Apache License 2.0 - see the LICENSE file for details.
Secure your code. Protect your secrets. Scale your security.