Managing GitHub Violations

When an end user violates a policy in GitHub, Violations are generated and you can view these Violations on the Nightfall Violations page.

The GitHub integration implements Deduplication across GitHub violations. Deduplication reduces the number of distinct violations created for a finding that is already accounted for by an active violation on the same GitHub branch.

The following table summarises how a GitHub violation is treated, with Deduplication in action, when a developer pushes changes to a file in a GitHub branch.

| State of existing Nightfall Violation | Developer action on a file in the GitHub repo | Automated actions due to Deduplication |
|---|---|---|
| No existing violation | Introduce sensitive data | New violation created |
| Active violation not in a resolved state | Additional code with sensitive data pushed | 1. Increment finding(s) in the existing violation; 2. Create a violation with all new findings |
| Active violation not in a resolved state | Code with sensitive findings redacted | 1. Number of findings in the existing violation updated; 2. If no finding remains, the violation is marked resolved |
| Violation in a resolved state | Additional code with sensitive data pushed | New violation created |

The following table summarises how a GitHub violation is treated, with Deduplication in action, when a developer clones or merges a GitHub branch.

| State of existing Nightfall Violation | Developer action on a file in the GitHub repo | Automated actions due to Deduplication |
|---|---|---|
| No existing violation | Branch clone | No new violations |
| Active violation not in a resolved state | Branch clone | 1. No new violations in the original branch; 2. No violations in the cloned branch |
| No existing violation | Merge cloned branch back or delete cloned branch | No new violations |
| No existing violation | Merge cloned branch back or delete cloned branch | 1. No new violations; 2. Existing violations from the cloned branch resolved |

When a Violation is automatically resolved by the GitHub Deduplication feature (because sensitive data was removed from the GitHub file or repo concerned), the log section of the Violation displays a Resolved automatically message, as shown in the following image.
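As an added illustration (not Nightfall's code), the following Python model replays the four push rows of the first table for one file in one branch, tracking finding counts, the second violation created for new findings, and the automatic resolution on redaction. The branch, file and finding labels are constructed, and the matching rule for "the existing violation" is an assumption stated in the code comment.

```python
from dataclasses import dataclass, field

@dataclass
class Violation:
    branch: str
    path: str
    findings: set              # constructed labels for the sensitive findings in the file
    resolved: bool = False
    log: list = field(default_factory=list)

class DedupModel:
    # Assumptions: a push is matched against the latest unresolved violation for the
    # same branch and file; redactions are applied to every unresolved violation for it.
    def __init__(self):
        self.violations = []

    def push(self, branch, path, findings_now):
        """findings_now: the sensitive findings present in the file after the push."""
        findings_now = set(findings_now)
        active = [v for v in self.violations
                  if v.branch == branch and v.path == path and not v.resolved]
        if not active:
            # rows 1 and 4: no active violation (never created, or already resolved)
            if findings_now:
                self.violations.append(Violation(branch, path, findings_now, log=["Created"]))
            return
        existing = active[-1]
        new = findings_now - existing.findings
        if new:
            # row 2: existing violation's count is incremented; new findings also get their own violation
            existing.findings |= new
            existing.log.append(f"Findings incremented to {len(existing.findings)}")
            self.violations.append(Violation(branch, path, new, log=["Created"]))
        for v in active:
            removed = v.findings - findings_now
            if removed:
                # row 3: redacted findings drop off; resolve once none remain
                v.findings -= removed
                v.log.append(f"Findings updated to {len(v.findings)}")
                if not v.findings:
                    v.resolved = True
                    v.log.append("Resolved automatically")

def demo():
    m = DedupModel()
    m.push("feature/x", "config.py", {"aws_key_1"})                 # row 1: created
    m.push("feature/x", "config.py", {"aws_key_1", "slack_token"})  # row 2: increment + new
    m.push("feature/x", "config.py", set())                         # row 3: both resolved
    m.push("feature/x", "config.py", {"aws_key_2"})                 # row 4: new violation
    return m.violations
```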

Nightfall Violations Page

To view the Nightfall Violations page:

  1. Navigate to the Violations page in Nightfall.

  2. Apply filters to view only GitHub violations.

  3. (Optional) Modify the days filter to view historical violations. You can view violations from up to the past 180 days.

  4. (Optional) Hover over a violation to view its severity. You can also check how likely it is that the detected violation is an actual violation (Likely, Very Likely).

  5. Click the ellipsis menu in the right corner to view the list of actions you can take on the violation.

  6. Click any violation to view the exact data that caused it (highlighted in red).

Email Notifications

  • When a data leak occurs, GitHub sends an Email notification to end users if they have configured Email as a Notification method in their GitHub account.

  • Additionally, if Nightfall admins have configured Email Notification in Admin Alerting, Nightfall admins receive the Email notification.

  • If Nightfall admins have configured Email Notification in the Automation section of End user notification settings, end users receive an email from Nightfall. This Email allows end users to take actions from within the Email.

The Email received by Nightfall admins and end users (if configured) looks as follows.

Viewing Notifications in GitHub

If you have configured GitHub as a Notification method in the Automation section of End User Notification, end users can view the violation notification from within GitHub.

Open the file that triggered the violation. A comment is generated by Nightfall which also has the remediation options. The available options are based on the settings you configured in the Automation section of End User Notification.

If an end user adds sensitive information in a feature branch and merges it into the main branch, Nightfall comments on the pull request.

If an end user adds sensitive information in the main branch and commits it, Nightfall comments on that GitHub commit.

The Nightfall comment is created by the nightfall-for-github bot.

In the following image, the Nightfall comment has two options: Report as False Positive and Report as False Positive with Business Justification. These options are displayed because they were enabled in the End-User Remediation section of the policy.

Additionally, if end users have configured GitHub to receive Notifications, they can also view the violation on the Notifications page. This Notification also tags the end user.

To view the Violation message under GitHub notifications, end users follow these steps.

  1. Click the GitHub Notifications icon.

  2. Select the Notification which has a tag (mention).

  3. Scroll down to view the Notification.

Enabling Notifications in GitHub

To view Notifications from within GitHub, end users must enable GitHub notifications. The steps to enable GitHub notifications are as follows.

  1. Click on your GitHub account icon and select Settings.

  2. Click Notifications from the left pane.

  3. Under Subscriptions, enable GitHub notifications for the Participating, @mentions and custom sections.

  4. Click Save.
