ggshield iac scan all
Please note that IaC Prevention features are currently in beta.
This command was implemented in version 1.17.0
Scan a directory for all IaC vulnerabilities in the current state.
ggshield iac scan all [OPTIONS] [DIRECTORY]
The scan is successful if no IaC vulnerability (known or new) was found.
--json: Use JSON output.
--ipa PATTERN: Do not scan paths that match the specified glob-like patterns.
--ipo TEXT: Policies to exclude from the results.
--minimum-severity [LOW|MEDIUM|HIGH|CRITICAL]: Minimum severity of the policies.
--exit-zero: Always return a 0 (non-error) status code, even if incidents are found. This option can also be set with the
This command supports all ggshield global options.
If you need this command to exit with a code 0 even when IaC vulnerabilities are found in a scan, you can pass the option