Git Custodian Insights

Owned by Aruna Pattabiraman (Unlicensed)
Last updated: Jul 25, 2022 by Christina
4 min read

The Git Custodian Dashboard is a single pane of glass that provides visibility on all commits and secrets that have been identified through Git Custodian scans using Opsera Tasks. This dashboard is available in Insights Git Custodian tab.

 

Git Custodian Report

Each of the 5 Git Custodian Reports contains a visual chart displayed in a carousel. Scroll to the right to see more.

  1. Total Repositories - This chart provides the total number of repositories split by total clean and total unclean repositories. Supported filters are Date Range, Authors, Origin, Repositories, and Status.

  2. Timeline - This represents the new secrets that have been exposed in a time series. The default time range is 3 months. Horizontal axis for Date, Vertical axis for Issues added. Supported filters are Time/Date Range, Authors, Origin, Repositories, and Status.

  3. Top Secrets - Always limits to 5 commit hashes. The top commit hashes with the most number of secrets exposed. All filters are supported. For a given date range, the Top 5 commits that stand out with highest number of secrets are displayed.

  4. Top Repositories - Limits to 5 repositories. The top repositories with highest number of secrets exposed. All filters are applicable. For a given date range, the Top 5 Repositories that stand out with highest number of secrets are displayed.

  5. Top Users - Limits to 5 users. This chart depicts the top 5 users who have contributed to exposing the most secrets. For a given date range, it represents the Top 5 Users whose commits have exposed highest number of secrets. All filters are supported.

Vulnerable Commits

The table view report of Vulnerable Commits provides the list of secrets exposed in detail. Users will be able to see when the issue was exposed, which repository, the Author, secret location in the repository, exposure time, secret type, and the Jira Ticket number (if created). All filters except the Date Range are supported to this table. Apart from these, there are other features/capabilities.

  1. More Info - To get more information on a specific issue, click on the lens icon in each row under the Info column.

  2. Link to Commit - Click on the icon in the Line Number column to redirect to the exact filename and commit the issue was created.

  3. Export - Top right corner of the table view has a button to export the list of issues in a PDF format.

  4. Create Jira Ticket - This option allows users to create a Jira Ticket by selecting a set of issues, and also selecting the right Project Key and Issue Type to create the ticket. This ticket will contain details on the secrets, which includes Repository, Line number and File path. Click the +New Jira Ticket button to open the Create New Jira Ticket form.

 

  • Jira Tool Id - Select the configured Tool Registry entry.

  • Projects - Select the appropriate project to create the ticket in.

  • Issue Type - The list of issue types will appear. Select the appropriate type of Issue.

  • Vulnerabilities List - Select the list of issues which should be part of the Jira ticket. User can select more than 1 issue, or select all.

5. Click Save button.

Once saved, a new Jira issue will be created in the selected project with issue type. Once the Jira issue is created, issue details will also be reflected in the Vulnerable Commits table.

 

Filters

There are various filters that can be applied in order to scrutinize the data, or slice and dice them to view specific results. To apply filters, click the filter icon in the top right corner of the Git Custodian header.

This opens a form with filter options:

Use any of these filters to slice the results and scrutinize only a selected set of results. Click Save to apply the selected filters.