Getting started
This is the single-machine path: it uses an interactive browser login and needs no service account token. To roll out across a fleet, manage installation and credentials through your MDM with a service account token instead — see Deploy at scale with a service account token.
Prerequisites
- A GitGuardian business account with Endpoint Protection enabled.
Step 1: Install ggshield and enable machine scanning
- Linux / macOS
- Windows (PowerShell)
curl -sSfL \
https://raw.githubusercontent.com/GitGuardian/ggshield/main/scripts/install/install.sh |
bash -s -- --plugin machine_scan
& ([scriptblock]::Create((irm https://raw.githubusercontent.com/GitGuardian/ggshield/main/scripts/install/install.ps1))) `
-Plugin machine_scan
By default the script targets the US workspace. For the EU workspace or a self-hosted instance, export your instance URL before running the command — it then applies to the install and to every command below (same shell):
export GITGUARDIAN_INSTANCE=https://dashboard.eu1.gitguardian.com # or your self-hosted instance URL
Step 2: Run your first scan
ggshield machine scan --dashboard
Step 3: Send your results to GitGuardian
ggshield machine inventory
Your machine then shows up under Endpoint Protection → Machines in the GitGuardian dashboard. See Core concepts for what each view shows.
Verify your setup
Confirm the install and the plugin at any time:
ggshield --version
ggshield plugin list # machine_scan should be listed and enabled
Notes
The script installs the standalone build per user (no admin or sudo required), and each download is checksum-verified against the digest GitHub publishes for the release.
Remove ggshield
To uninstall later, follow Uninstall in the install scripts' README.
Next steps
- Deploy across a fleet: Deploy at scale with a service account token
- What gets scanned: What is scanned
- Manage the plugin: ggshield plugin commands
