Create a Personal Access Token or a Service Account token in the GitGuardian dashboard and export it as GITGUARDIAN_API_KEY in your environment.
Send GET https://api.gitguardian.com/v1/incidents with the header Authorization: Token YOUR_TOKEN to list detected secrets incidents; use query params status, severity, and date_before / date_after to filter.
Retrieve details for a specific incident with GET /v1/incidents/{incident_id} to see affected sources, secret type, and suggested remediation steps.
Mark an incident as resolved with PATCH /v1/incidents/{incident_id} and a JSON body containing status: RESOLVED and an optional comment.
Use GET /v1/audit-logs to pull an audit trail of all API and dashboard actions for compliance reporting.
Automate remediation workflows by combining the incidents endpoint with your ticketing API to create, update, and close tickets when incident status changes.
Known gotchas
Service Account tokens require a Business or Enterprise plan and can only be created by workspace Owners or Managers.
The incidents list endpoint is paginated; always follow the cursor or page parameter in the response to avoid missing records.
Resolving an incident in GitGuardian does not rotate the exposed credential; rotation must be done in the upstream system.
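The pagination and rotation gotchas above, combined with the ticketing workflow, as an added example (not GitGuardian's or this page's own code): it walks every page of the incidents list and builds RESOLVED updates only for incidents whose credential has been confirmed rotated upstream. The fetch hook, the place the cursor sits in the response, the incident "id" field, and the ticket references are assumptions; the sample pages are constructed.

```python
import json
import urllib.parse

API = "https://api.gitguardian.com/v1"

def list_incidents(fetch, **filters):
    """Yield every incident matching the filters, following the cursor to the end.

    fetch(url) -> (incidents, next_cursor or None) is a hypothetical transport
    hook; where the cursor sits in the real response is an assumption here.
    """
    cursor, seen = None, set()
    while True:
        params = dict(filters, **({"cursor": cursor} if cursor else {}))
        incidents, cursor = fetch(f"{API}/incidents?{urllib.parse.urlencode(params)}")
        yield from incidents
        if not cursor:
            return
        if cursor in seen:  # a repeated cursor would loop forever
            raise RuntimeError("pagination cursor repeated")
        seen.add(cursor)

def plan_resolutions(incidents, rotated_ids, ticket_ref):
    """Build PATCH requests only for incidents whose credential was rotated upstream."""
    plan, still_exposed = [], []
    for inc in incidents:
        if inc["id"] in rotated_ids:
            body = {"status": "RESOLVED",
                    "comment": f"Rotated upstream, see {ticket_ref[inc['id']]}"}
            plan.append(("PATCH", f"{API}/incidents/{inc['id']}", json.dumps(body)))
        else:
            still_exposed.append(inc["id"])  # leave open until rotation is confirmed
    return plan, still_exposed

# Constructed sample data: two pages of incidents keyed by the cursor that returns them.
SAMPLE_PAGES = {
    None: ([{"id": 101}, {"id": 102}], "c2"),
    "c2": ([{"id": 103}], None),
}

def fake_fetch(url):
    """Offline stand-in for an authenticated GET (Authorization: Token ...)."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    return SAMPLE_PAGES[query.get("cursor", [None])[0]]

if __name__ == "__main__":
    found = list(list_incidents(fake_fetch, date_after="2024-01-01"))
    plan, exposed = plan_resolutions(found, {101, 103}, {101: "SEC-1", 103: "SEC-3"})
    print(len(found), "incidents;", len(plan), "to resolve; still exposed:", exposed)
```

Swap fake_fetch for a real HTTP call that sends the Authorization header with the token read from GITGUARDIAN_API_KEY.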