Reviewing Violations
Your Nightfall dashboard has all your GitHub violations in one place so you can easily review, search, and filter violations.

Reviewing a Specific Violation

Click into a violation to review it. In this view, the code snippet is pulled dynamically from GitHub so that you can easily see the context of the detected secret.
This view includes the commit reference, repository, detector triggered, confidence level of the detection, file path, branch, and author email. You can copy a link to the violation or view it directly in GitHub. The view also lists all violations of the same secret, so you can see every instance of that secret proliferating across your codebase.

Violation Statuses

Secrets now have three different statuses: Open, Resolved, and Ignored.
Below, you can see what this would look like in the Nightfall console. You are able to see a holistic view of all violations, as well as their status.
[Figure: GitHub Violation Statuses in a Demo Environment]
You can also filter by status, for example to work only with violations that are Open, or to exclude violations that are Ignored.
To understand the best practices for working with violations and updating their status during remediation, please follow the instructions below:

Best Practice for Updating Statuses During Remediation

1. When a new violation is detected, the secret’s status is Open.
2. Once the secret has been remediated, set the status to Resolved. If the secret is a false positive, set the status to Ignored. If a secret is Ignored, you won’t receive alerts on any future violations for that secret.
3. You can filter out Resolved and Ignored secrets to focus on items that are Open. If you have our Jira integration, you can also filter out secrets that have been Sent to Jira.
Secrets that are currently resolved will remain Resolved, and secrets that are currently unresolved will be Open. If you have any questions about these updates, reach out to [email protected]

Sending Violations to Jira