ggshield v1.13: Detect secrets in source code, scan your repo for leaks
GitGuardian Shield: protect your secrets with GitGuardian
GitGuardian shield (ggshield) is a CLI application that runs in your local environment or in a CI environment to help you detect more than 300 types of secrets, as well as other potential security vulnerabilities or policy breaks.
Only metadata such as call time, request size, and scan mode is stored from scans using GitGuardian shield. Secrets and policy break incidents will therefore not be displayed on your dashboard, and your files and secrets won’t be stored.
You’ll need an API Key from GitGuardian to use ggshield.
Currently supported integrations
- Azure Pipelines
- Bitbucket Pipelines
- Circle CI Orbs
- GitHub Actions
- Pre-commit hooks
- Pre-push hooks
- Pre-receive hooks
- Travis CI
🚀 New features
- The new ggshield iac scan command lets you detect vulnerabilities in your Infrastructure as Code files. Note that this feature is experimental for now.
- ggshield secret scan repo now continues scanning if a commit fails to scan (#267).
- ggshield now provides a --debug option to help diagnose problems.
🐛 Bug fixes
- ggshield now uses stderr to report all progress and warnings, making it possible to pipe commands generating JSON such as secret scan --json to tools like
- The file-system banlist of ggshield secret scan docker has been improved (#193).
- ggshield secret scan pre-receive and ggshield secret scan repo no longer fail on filenames containing spaces (#273, #296).
- ggshield secret scan repo no longer floods the terminal with “No secrets found” messages (#265).
- The commands used by the pre-commit hooks and by the GitHub action no longer use the deprecated
- The configuration file format has changed. Learn more about this change and how to adapt to it from the documentation.
Copyright (c) 2019 GitGuardian