Getting Started with BleedWatch

BleedWatch is an External Attack Surface Management (EASM) platform that continuously monitors your organization's public internet footprint for exposed secrets, credentials, and vulnerabilities.

What BleedWatch Monitors

BleedWatch scans across multiple surfaces:

  • NPM packages — secrets accidentally shipped in published packages
  • Docker images — credentials embedded in image layers
  • GitHub repositories — tokens, keys, and sensitive data in public repos
  • PyPI packages — Python package credential exposure
  • Dark web — credential dumps mentioning your domains

First Steps

1. Log in to the Dashboard

Visit app.bleedwatch.com and sign in with your credentials.

2. Add Your Assets

Go to Settings → Assets and add the domains, GitHub organizations, NPM scopes, and Docker registries you want to monitor.

3. Review Your Findings

Once assets are configured, BleedWatch will begin scanning. Go to Findings to see what has been discovered.

4. Connect GitHub Shield

For CI/CD security, go to Shield and install the BleedWatch GitHub App to enable automated scanning of your repositories.

Dashboard Overview

The main dashboard shows:

Section     Description
Findings    All detected secrets and vulnerabilities
CVEs        Software vulnerabilities affecting your dependencies
Hosts       Public-facing infrastructure
Shield      CI/CD security scanner
Dark Web    Credential exposure monitoring
Reports     Exportable compliance reports

Getting Help

If you need assistance, contact your BleedWatch account manager or reach out via the in-app support chat.