In an era of escalating cyber threats, the proactive detection of secret leaks (API keys, certificates, credentials) within source code has become a governance imperative.

To address this challenge, a bidirectional integration solution between IBM Engineering Workflow Management (EWM) and GitGuardian has been developed, securing the Software Development Life Cycle (SDLC) without compromising team agility.

A Hybrid Approach: Client and Server-Side

The architecture of this solution relies on two complementary components, providing total flexibility in managing corporate security policies.

1. Server-Side Extension: The Institutional Safeguard

The server-side plugin acts as the final authority during the delivery of change sets. Its role is to ensure strict code compliance before integration into the common stream.

  • Automated Blocking: Depending on the configuration, the plugin can prohibit delivery if a vulnerability is detected by the GitGuardian analyzer.
  • Traceability and Audit: In the event of an anomaly, the system automatically generates an incident within the GitGuardian dashboard.
  • Work Item Enrichment: A comment is injected into the EWM Work Item linked to the change set. This message alerts stakeholders to the nature of the flaw while adhering to confidentiality principles: the secret itself is never exposed in logs or comments.

2. Client-Side Extension: Developer Agility

The client-side plugin intervenes at the earliest stage, directly within the developer’s IDE, promoting “Shift Left Security.”

  • Interactive Alerting: Developers are instantly informed of a potential vulnerability before the code even leaves their workstation.
  • Exception Management (Override): Unlike the rigidity of the server-side check, the client extension offers the possibility to bypass a block. This feature is crucial for managing false positives or documented and accepted risks, thus preventing any bottlenecks in the delivery process.

Functional Summary

FeatureServer Plugin (Pre-Condition)Client Plugin (Pre-Check)
ObjectiveGlobal Compliance & AuditProductivity & Shift-Left
ActionBlocking or InformativeBlocking with Manual Bypass
GitGuardian IntegrationAutomatic Incident CreationReal-time Analysis
EWM FeedbackWork Item CommentUser Notification (UI)

Conclusion

This synergy between IBM EWM and GitGuardian transforms application security from a perceived constraint into an integrated, transparent process. By combining the rigor of server-side controls with the flexibility of client-side tools, organizations can now guarantee the integrity of their software assets with surgical precision.

Stay informed

Technical insights and IBM Jazz ELM news, delivered straight to your inbox.

We could not confirm your subscription.
Your subscription is confirmed.