Enhance reporting with metrics #421

Open
Gby56 opened this issue Nov 16, 2022 · 2 comments
Labels
type:feature Feature request

Comments

@Gby56

Gby56 commented Nov 16, 2022

Is your feature request related to a problem? Please describe.

Even if ggshield is properly deployed on developer machines etc., we don't get many insights and metrics about "how much is caught", which could tell us a bit more about bad habits, even though they don't leak.

Describe the solution you'd like

ggshield is authenticated to the API, why not ping back the type of secret and author?

Describe alternatives you've considered

There is a PR ready to merge in DefectDojo, which makes me think I could modify the pre-commit hook and report to DefectDojo if something is found, instead of using a GitGuardian API.

Additional context

I have discussed that with you in your offices :)

@agateau-gg
Collaborator

Hi @Gby56,

Just to make sure I understand. What you are asking is something like this:

  • User A has ggshield installed as a pre-commit on their machine
  • ggshield prevents A from committing 3 secrets
  • ggshield reports to GitGuardian "A tried to commit 3 secrets, but ggshield prevented it"

Is that correct? (I personally would be a bit worried about what could be done with this information)

@Gby56
Author

Gby56 commented Nov 22, 2022

Hey! Yes, pretty much, without the actual secret values of course, just the type of secret I'd say, potentially the repo name and file path, including the username of course. It would definitely help us show that we're pushing things left the right way, shifting left.
