Skip to main content

FAQ

When does GuardRails comment on a PR/MR?

GuardRails only comments on a PR/MR if any security issues have been identified. If no security issues are identified no PR/MR comments will be added.

Does GuardRails filter out scan results?

Yes, in order to be accurate, GuardRails filters out certain results. For example, typical test files or folders, such as test, spec, etc. will not trigger results.

What qualifies as a GuardRails issue?

Our vision is to make security a commodity. As part of that the biggest problem to tackle, besides making security accessible, is to make security relevant and actionable. Security tools are designed to identify all patterns that may cause security issues, no matter how low the potential impact. This provides a big hurdle for developers that are not experts in security, because they have to understand which issues are relevant and which issues aren't.

We at GuardRails spend a tremendous amount of time on tuning the rules, improving them and making sure the amount of false positives are continuously getting closer to 0. GuardRails issues are security issues that have a high impact if exploited by attackers. This means issues that cause the targeted application to stop working (Denial of Service), allow attackers to get full access to user data, or allow attackers to take over the application.

For that reason, GuardRails may be perceived as "quiet". Our goal is to not bother people with security, unless it is absolutely necessary to take immediate action.

Does GuardRails work for front-end code or mobile apps?

Yes, GuardRails works for front-end code and mobile apps.

Can we allowlist the GuardRails IPs for the GuardRails GitHub app?

Yes, you can use the following IP addresses for the GuardRails SaaS platform:

  • 18.116.11.134
  • 3.20.178.137
  • 3.129.95.186

More information on allowlisting for GitHub apps can be found here.

Which Platforms do you support?

At the moment we are supporting GitHub, GitHub Enterprise, GitLab and Bitbucket. Support for other Versioning Control Platforms (VCS) is on the roadmap. If you are looking for a VCS that we do not support at the moment, please drop us a line at [email protected].