Best Practices
Best practices for historical scanning on GitHub with Radar.
There are a number of ways you can simplify the task of reviewing and monitoring alerts for GitHub Radar:
  • Automate scanning with on-demand or scheduled workflows to minimize the need to remember to trigger a scan.
  • Configure a webhook via the Nightfall Radar API to get notifications when your scans are complete.
  • Configure your Email Preferences in your Radar settings to choose when you would like to receive email notifications about scan and workflow status.
  • Maintain an “allow list” of known safe tokens, files, or paths to avoid spending time on false positive results within your scans. The allow list lets you "allow" tokens, files, or directories to pass through our filters undetected; in other words, items on the allow list are ignored when displaying scan results for a repository. For example, if there is a test API key in your repository that you do not want flagged by Radar, you can add it to the allow list. The allow list applies globally at the account level and affects all subsequent scans for all repos.
  • Trigger scans or retrieve scan results programmatically via the Nightfall Radar API for greater control, and to bake credentials/secrets scanning into your own workflows.
  • Leverage the “signature” field found in the scan results response for each finding to determine net-new findings from scan to scan.
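The two list items above (the allow list and the per-finding "signature" field) combine naturally into one triage step when you consume scan results programmatically. The following is an added example, not Nightfall's own code or a documented client: it assumes each finding carries a stable `signature`, the matched `fragment`, and the `file` path (field names are an assumption about the response shape, not the real schema), applies an account-wide allow list of tokens, file patterns, and directory prefixes, and then splits the remaining findings into recurring and net-new sets using the signatures from the previous scan.

```python
import fnmatch
from typing import Dict, List, Set

Finding = Dict[str, str]

# Constructed sample scan results. The field names (signature, file, detector,
# fragment) are an assumption about a Radar scan-results response, not its
# documented schema; adapt them to the real payload. Secret values are placeholders.
PREVIOUS_SCAN: List[Finding] = [
    {"signature": "sig-1", "file": "config/settings.py", "detector": "AWS Access Key",
     "fragment": "AKIA_PLACEHOLDER_OLD"},
    {"signature": "sig-2", "file": "scripts/deploy.sh", "detector": "API Key",
     "fragment": "deploy-key-0000"},
]
CURRENT_SCAN: List[Finding] = [
    {"signature": "sig-1", "file": "config/settings.py", "detector": "AWS Access Key",
     "fragment": "AKIA_PLACEHOLDER_OLD"},
    {"signature": "sig-2", "file": "scripts/deploy.sh", "detector": "API Key",
     "fragment": "deploy-key-0000"},
    {"signature": "sig-3", "file": "src/app.py", "detector": "Slack Token",
     "fragment": "xoxb-PLACEHOLDER"},          # new since last scan
    {"signature": "sig-4", "file": "tests/fixtures/keys.json", "detector": "API Key",
     "fragment": "test-key-1111"},             # new, but in an allowed directory
    {"signature": "sig-5", "file": "docs/example.env", "detector": "API Key",
     "fragment": "example-token"},             # new, but an allowed token
]

# Constructed allow list mirroring the three kinds the page describes:
# known-safe token values, file name patterns, and directory prefixes.
ALLOW_LIST: Dict[str, Set[str]] = {
    "tokens": {"example-token"},
    "files": {"*.md", "CHANGELOG*"},
    "directories": {"tests/fixtures/"},
}


def is_allowed(finding: Finding, allow_list: Dict[str, Set[str]]) -> bool:
    """True when the finding matches an allowed token, file pattern, or directory."""
    if finding["fragment"] in allow_list["tokens"]:
        return True
    path = finding["file"]
    basename = path.rsplit("/", 1)[-1]
    if any(fnmatch.fnmatch(basename, pattern) for pattern in allow_list["files"]):
        return True
    # Directory entries are treated as path prefixes (an assumption of this example).
    return any(path.startswith(prefix) for prefix in allow_list["directories"])


def triage(previous: List[Finding], current: List[Finding],
           allow_list: Dict[str, Set[str]]) -> Dict[str, List[Finding]]:
    """Bucket current findings into allowed, recurring (seen before) and net-new."""
    seen_signatures = {f["signature"] for f in previous}
    buckets: Dict[str, List[Finding]] = {"allowed": [], "recurring": [], "net_new": []}
    for finding in current:
        if is_allowed(finding, allow_list):
            buckets["allowed"].append(finding)
        elif finding["signature"] in seen_signatures:
            buckets["recurring"].append(finding)
        else:
            buckets["net_new"].append(finding)
    return buckets


def net_new_signatures(previous: List[Finding], current: List[Finding],
                       allow_list: Dict[str, Set[str]]) -> List[str]:
    """Signatures that need a fresh look: not allowed and not present in the previous scan."""
    return [f["signature"] for f in triage(previous, current, allow_list)["net_new"]]


if __name__ == "__main__":
    result = triage(PREVIOUS_SCAN, CURRENT_SCAN, ALLOW_LIST)
    for bucket, findings in result.items():
        print(f"{bucket}: {[f['signature'] for f in findings]}")
```

Only the net-new bucket needs a human decision after each scan; recurring findings are already tracked from the previous review, and allowed ones are the same items Radar would hide once they are added to the account-level allow list. Persist the previous scan's signatures (for example from a webhook-triggered fetch) so the comparison survives across scheduled runs.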
To further leverage Nightfall’s detectors in your own workflows and business logic, for example in pre-commit hooks, explore the Nightfall Developer Platform.